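I. CVE-2025-1974 Basic Information
Vulnerability Information
# Ingress-Nginx Admission Controller RCE Escalation

## Overview
A security issue was discovered in Kubernetes where, under certain conditions, an unauthenticated attacker with access to the pod network can execute arbitrary code in the context of the ingress-nginx controller and thereby disclose all Secrets the controller can access.

## Affected Versions
No specific versions are given.

## Vulnerability Details
- **Attack path**: access to the ingress-nginx controller over the pod network.
- **Attacker privileges**: no authentication required.
- **Consequence**: arbitrary code execution and disclosure of all Secrets accessible to the controller.

## Impact
- **Data disclosure**: all Secrets in the cluster can be disclosed.
- **Default installation**: by default, the controller can access all Secrets in the cluster.
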
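Shenlong's Assessment

Is this a web-class vulnerability:

Reasoning:

Yes. This vulnerability exists in the Kubernetes ingress-nginx controller and allows an unauthenticated attacker, under certain conditions, to execute arbitrary code via the Pod network, which may disclose all Secrets accessible to the controller. This is a server-side vulnerability, because it affects a Kubernetes cluster component deployed on servers.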
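Vulnerability title
ingress-nginx admission controller RCE escalation
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Source: U.S. National Vulnerability Database (NVD)
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
Insufficient Compartmentalization
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Kubernetes ingress-nginx security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Kubernetes ingress-nginx is the open-source Kubernetes ingress controller from the Cloud Native Computing Foundation; it uses NGINX as a reverse proxy and load balancer. Kubernetes ingress-nginx contains a security vulnerability: under certain conditions, an unauthenticated attacker with access to the pod network can execute arbitrary code in the ingress-nginx controller environment, which may lead to disclosure of Secrets.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Other
Source: China National Vulnerability Database of Information Security (CNNVD)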
II. Public PoCs for CVE-2025-1974

| # | PoC description | Source link |
|---|---|---|
| 1 | Worlds First Public POC for CVE-2025-1974 lol | https://github.com/sandumjacob/IngressNightmare-POCs |
| 2 | None | https://github.com/yoshino-s/CVE-2025-1974 |
| 3 | None | https://github.com/yanmarques/CVE-2025-1974 |
| 4 | IngressNightmare POC. world first remote exploitation and with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-1974 https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities#how-did-we-discover-ingressnightmare-24 | https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps |
| 5 | PoC for CVE-2025-1974: Critical RCE in Ingress-NGINX (<v1.12.1) via unsafe config injection. Exploitable from the pod network without credentials, enabling code execution and potential cluster takeover. Fixed in v1.12.1 and v1.11.5. For research/education only. | https://github.com/dttuss/IngressNightmare-RCE-POC |
| 6 | Poc for Ingress RCE | https://github.com/zwxxb/CVE-2025-1974 |
| 7 | Proof-of-Concept Tool to detect IngressNightmare (CVE-2025-1974) via (non-intrusive) active means. | https://github.com/m-q-t/ingressnightmare-detection-poc |
| 8 | PoC of CVE-2025-1974, modified from the world-first PoC~ | https://github.com/hi-unc1e/CVE-2025-1974-poc |
| 9 | A minimal test tool to help detect annotation injection vulnerabilities in Kubernetes NGINX Ingress controllers. This script sends a crafted AdmissionReview request to simulate a potential exploit path from CVE-2025-1974 and checks for signs of misinterpreted annotations in controller logs. | https://github.com/0xBingo/CVE-2025-1974 |
| 10 | IngressNightmare (CVE-2025-1974) | https://github.com/tuladhar/ingress-nightmare |
| 11 | POC IngressNightmare (CVE-2025-1974), modified from https://github.com/yoshino-s/CVE-2025-1974 | https://github.com/rjhaikal/POC-IngressNightmare-CVE-2025-1974 |
| 12 | CVE-2025-1974 PoC code | https://github.com/zulloper/CVE-2025-1974 |
| 13 | Exploit CVE-2025-1974 with a single file. | https://github.com/Rubby2001/CVE-2025-1974-go |
| 14 | A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-1974.yaml |
| 15 | A security issue was discovered in ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller | https://github.com/projectdiscovery/nuclei-templates/blob/main/cloud/kubernetes/cves/2025/CVE-2025-1974-k8s.yaml |
| 16 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%BA%91%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E/Kubernetes%20Ingress-nginx%20admission%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2025-1974.md |
| 17 | | https://github.com/vulhub/vulhub/blob/master/ingress-nginx/CVE-2025-1974/README.md |
| 18 | None | https://github.com/chhhd/CVE-2025-1974 |
| 19 | WHS 3rd cohort virtualization assignment: building a vulnerable (CVE) Docker environment | https://github.com/salt318/CVE-2025-1974 |
| 20 | None | https://github.com/abrewer251/CVE-2025-1974_IngressNightmare_PoC |
| 21 | None | https://github.com/Rickerd12/exploit-cve-2025-1974 |
| 22 | CVE-2025-1974 | https://github.com/B1ack4sh/Blackash-CVE-2025-1974 |
| 23 | None | https://github.com/Armand2002/Exploit-CVE-2025-1974-Lab |
| 24 | None | https://github.com/BiiTts/POC-IngressNightmare-CVE-2025-1974 |
| 25 | None | https://github.com/iteride/CVE-2025-1974 |
| 26 | My view on IngressNightmare vulnerability (CVE-2025-1974) | https://github.com/I3r1h0n/IngressNightterror |
| 27 | CVE-2025-1974 | https://github.com/Ashwesker/Blackash-CVE-2025-1974 |
| 28 | Kubernetes Ingress-nginx RCE (IngressNightmare) | https://github.com/gunyakit/CVE-2025-1974-PoC-exploit |

III. Intelligence on CVE-2025-1974