New releases and CVE-2025-1974 information
16 views
Skip to first unread message
James Strong
Mar 24, 2025, 9:31:38 PMMar 24
to ingress-nginx-dev
Hello everyone, we have a release announcement, and it is imperative that you read it and upgrade your ingress-nginx controllers to the latest versions. The most egregious one is CVE-2025-1974: ingress-nginx admission controller RCE escalation, which is a 9.8.
If you have any issues please open a GitHub issue https://github.com/kubernetes/ingress-nginx/issues
See these GitHub issues for more details:
- CVE-2025-24513: https://github.com/kubernetes/kubernetes/issues/131005
- CVE-2025-24514: https://github.com/kubernetes/kubernetes/issues/131006
- CVE-2025-1097: https://github.com/kubernetes/kubernetes/issues/131007
- CVE-2025-1098: https://github.com/kubernetes/kubernetes/issues/131008
- CVE-2025-1974: https://github.com/kubernetes/kubernetes/issues/131009
Releases:
- https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
- https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
Kubernetes Blog post detailing the CVE’s
Also on the Kubernetes-Announce Group https://groups.google.com/g/kubernetes-announce/c/D7ERcBhtuuc
Reply all
Reply to author
Forward
0 new messages