一、 漏洞 CVE-2025-1974 基础信息
漏洞信息
                                        # Ingress-Nginx 准入控制器 RCE 漏洞升级

## 漏洞概述
Kubernetes 中发现了一个安全问题,未经授权的攻击者在某些条件下,可以通过访问 pod 网络,在 ingress-nginx 控制器的上下文中执行任意代码,进而泄露控制器可以访问的所有 Secret。

## 影响版本
未指定特定版本。

## 漏洞细节
- **攻击路径**: 通过 pod 网络访问 ingress-nginx 控制器。
- **攻击者权限**: 无需认证。
- **攻击后果**: 可以执行任意代码并泄露控制器可访问的所有 Secret。

## 影响
- **数据泄露**: 可泄露集群内所有 Secret。
- **默认安装**: 默认情况下,控制器可访问集群中所有的 Secret。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
ingress-nginx admission controller RCE escalation
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
不充分的划分
来源:美国国家漏洞数据库 NVD
漏洞标题
Kubernetes ingress-nginx 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Kubernetes ingress-nginx是云原生计算基金会(Cloud Native Computing Foundation)开源的Kubernetes 的入口控制器,使用NGINX作为反向代理和负载均衡器。 Kubernetes ingress-nginx存在安全漏洞,该漏洞源于在某些条件下,未认证的攻击者可通过访问pod网络在ingress-nginx控制器环境中执行任意代码,可能导致Secrets泄露。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-1974 的公开POC
# POC 描述 源链接 神龙链接
1 Worlds First Public POC for CVE-2025-1974 lol https://github.com/sandumjacob/IngressNightmare-POCs POC详情
2 None https://github.com/yoshino-s/CVE-2025-1974 POC详情
3 None https://github.com/yanmarques/CVE-2025-1974 POC详情
4 IngressNightmare POC. world first remote exploitation and with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-1974 https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities#how-did-we-discover-ingressnightmare-24 https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps POC详情
5 PoC for CVE-2025-1974: Critical RCE in Ingress-NGINX (<v1.12.1) via unsafe config injection. Exploitable from the pod network without credentials, enabling code execution and potential cluster takeover. Fixed in v1.12.1 and v1.11.5. For research/education only. https://github.com/dttuss/IngressNightmare-RCE-POC POC详情
6 Poc for Ingress RCE https://github.com/zwxxb/CVE-2025-1974 POC详情
7 Proof-of-Concept Tool to detect IngressNightmare (CVE-2025-1974) via (non-intrusive) active means. https://github.com/m-q-t/ingressnightmare-detection-poc POC详情
8 PoC of CVE-2025-1974, modified from the world-first PoC~ https://github.com/hi-unc1e/CVE-2025-1974-poc POC详情
9 A minimal test tool to help detect annotation injection vulnerabilities in Kubernetes NGINX Ingress controllers. This script sends a crafted AdmissionReview request to simulate a potential exploit path from CVE-2025-1974 and checks for signs of misinterpreted annotations in controller logs. https://github.com/0xBingo/CVE-2025-1974 POC详情
10 IngressNightmare (CVE-2025-1974) https://github.com/tuladhar/ingress-nightmare POC详情
11 POC IngressNightmare (CVE-2025-1974), modified from https://github.com/yoshino-s/CVE-2025-1974 https://github.com/rjhaikal/POC-IngressNightmare-CVE-2025-1974 POC详情
12 CVE-2025-1974 PoC 코드 https://github.com/zulloper/CVE-2025-1974 POC详情
13 Exploit CVE-2025-1974 with a single file. https://github.com/Rubby2001/CVE-2025-1974-go POC详情
14 A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-1974.yaml POC详情
15 A security issue was discovered in ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller https://github.com/projectdiscovery/nuclei-templates/blob/main/cloud/kubernetes/cves/2025/CVE-2025-1974-k8s.yaml POC详情
16 None https://github.com/Threekiii/Awesome-POC/blob/master/%E4%BA%91%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E/Kubernetes%20Ingress-nginx%20admission%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2025-1974.md POC详情
17 https://github.com/vulhub/vulhub/blob/master/ingress-nginx/CVE-2025-1974/README.md POC详情
18 None https://github.com/chhhd/CVE-2025-1974 POC详情
19 WHS3기 가상화 취약한(CVE) Docker 환경 구성 과제 https://github.com/salt318/CVE-2025-1974 POC详情
20 None https://github.com/abrewer251/CVE-2025-1974_IngressNightmare_PoC POC详情
21 None https://github.com/Rickerd12/exploit-cve-2025-1974 POC详情
22 CVE-2025-1974 https://github.com/B1ack4sh/Blackash-CVE-2025-1974 POC详情
23 None https://github.com/Armand2002/Exploit-CVE-2025-1974-Lab POC详情
三、漏洞 CVE-2025-1974 的情报信息
四、漏洞 CVE-2025-1974 的评论

暂无评论

发表评论