Vulnerability Description
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://https://github.com/kubernetes/kubernetes/issues/131009
- https://github.com/B1ack4sh/Blackash-CVE-2025-1974
- https://security.netapp.com/advisory/ntap-20250328-0008/
- https://www.exploit-db.com/exploits/52475
FAQ
What is CVE-2025-1974?
CVE-2025-1974 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingr...
How severe is CVE-2025-1974?
CVE-2025-1974 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-1974?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.