I. Basic Information for Vulnerability CVE-2025-1974
Vulnerability Information


Vulnerability Title
ingress-nginx admission controller RCE escalation
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Insufficient compartmentalization
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
Kubernetes ingress-nginx security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
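Kubernetes ingress-nginx is an open-source ingress controller for Kubernetes from the Cloud Native Computing Foundation that uses NGINX as a reverse proxy and load balancer. Kubernetes ingress-nginx contains a security vulnerability: under certain conditions, an unauthenticated attacker with access to the pod network can execute arbitrary code in the context of the ingress-nginx controller, which may lead to disclosure of Secrets.
Source: China National Vulnerability Database of Information Security (CNNVD)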
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
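Source: China National Vulnerability Database of Information Security (CNNVD)
Affected Products

| Vendor | Product | Affected versions | CPE |
|---|---|---|---|
| kubernetes | ingress-nginx | 0 ~ 1.11.4 | - |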
II. Public PoCs for Vulnerability CVE-2025-1974

| # | PoC description | Source link |
|---|---|---|
| 1 | Worlds First Public POC for CVE-2025-1974 lol | https://github.com/sandumjacob/IngressNightmare-POCs |
| 2 | None | https://github.com/yoshino-s/CVE-2025-1974 |
| 3 | None | https://github.com/yanmarques/CVE-2025-1974 |
| 4 | IngressNightmare POC. world first remote exploitation and with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-1974 https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities#how-did-we-discover-ingressnightmare-24 | https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps |
| 5 | PoC for CVE-2025-1974: Critical RCE in Ingress-NGINX (<v1.12.1) via unsafe config injection. Exploitable from the pod network without credentials, enabling code execution and potential cluster takeover. Fixed in v1.12.1 and v1.11.5. For research/education only. | https://github.com/dttuss/IngressNightmare-RCE-POC |
| 6 | Poc for Ingress RCE | https://github.com/zwxxb/CVE-2025-1974 |
| 7 | Proof-of-Concept Tool to detect IngressNightmare (CVE-2025-1974) via (non-intrusive) active means. | https://github.com/m-q-t/ingressnightmare-detection-poc |
| 8 | PoC of CVE-2025-1974, modified from the world-first PoC~ | https://github.com/hi-unc1e/CVE-2025-1974-poc |
| 9 | A minimal test tool to help detect annotation injection vulnerabilities in Kubernetes NGINX Ingress controllers. This script sends a crafted AdmissionReview request to simulate a potential exploit path from CVE-2025-1974 and checks for signs of misinterpreted annotations in controller logs. | https://github.com/0xBingo/CVE-2025-1974 |
| 10 | IngressNightmare (CVE-2025-1974) | https://github.com/tuladhar/ingress-nightmare |
| 11 | POC IngressNightmare (CVE-2025-1974), modified from https://github.com/yoshino-s/CVE-2025-1974 | https://github.com/rjhaikal/POC-IngressNightmare-CVE-2025-1974 |
| 12 | CVE-2025-1974 PoC code | https://github.com/zulloper/CVE-2025-1974 |
| 13 | Exploit CVE-2025-1974 with a single file. | https://github.com/Rubby2001/CVE-2025-1974-go |
| 14 | A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-1974.yaml |
| 15 | A security issue was discovered in ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller | https://github.com/projectdiscovery/nuclei-templates/blob/main/cloud/kubernetes/cves/2025/CVE-2025-1974-k8s.yaml |
| 16 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%BA%91%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E/Kubernetes%20Ingress-nginx%20admission%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2025-1974.md |
| 17 | | https://github.com/vulhub/vulhub/blob/master/ingress-nginx/CVE-2025-1974/README.md |
| 18 | None | https://github.com/chhhd/CVE-2025-1974 |
| 19 | WHS 3rd cohort assignment: building a vulnerable (CVE) virtualized Docker environment | https://github.com/salt318/CVE-2025-1974 |
| 20 | None | https://github.com/abrewer251/CVE-2025-1974_IngressNightmare_PoC |
| 21 | None | https://github.com/Rickerd12/exploit-cve-2025-1974 |
| 22 | CVE-2025-1974 | https://github.com/B1ack4sh/Blackash-CVE-2025-1974 |
| 23 | None | https://github.com/Armand2002/Exploit-CVE-2025-1974-Lab |
| 24 | None | https://github.com/BiiTts/POC-IngressNightmare-CVE-2025-1974 |
| 25 | None | https://github.com/iteride/CVE-2025-1974 |
| 26 | My view on IngressNightmare vulnerability (CVE-2025-1974) | https://github.com/I3r1h0n/IngressNightterror |
| 27 | CVE-2025-1974 | https://github.com/Ashwesker/Blackash-CVE-2025-1974 |
| 28 | Kubernetes Ingress-nginx RCE (IngressNightmare) | https://github.com/gunyakit/CVE-2025-1974-PoC-exploit |
| 29 | CVE-2025-1974 | https://github.com/Ashwesker/Ashwesker-CVE-2025-1974 |
| 30 | ingress-nginx admission controller RCE escalation PoC | https://github.com/BoianEduard/CVE-2025-1974 |