// For flags

CVE-2025-24514

ingress-nginx controller - configuration injection via unsanitized auth-url annotation

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

< 1%
*EPSS

Affected Versions

2
*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

*Credits: Nir Ohfeld, Ronen Shustin, Sagi Tzadik
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
Poc
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2025-01-23 CVE Reserved
  • 2025-03-24 CVE Published
  • 2025-03-27 CVE Updated
  • 2025-03-27 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
  • CAPEC-137: Parameter Injection
References (2)
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions (2)