CVE-2025-1974 PoC — Kubernetes ingress-nginx 安全漏洞

Source

https://github.com/rjhaikal/POC-IngressNightmare-CVE-2025-1974

Associated Vulnerability

Title:Kubernetes ingress-nginx 安全漏洞 (CVE-2025-1974)
Description:Kubernetes ingress-nginx是云原生计算基金会（Cloud Native Computing Foundation）开源的Kubernetes 的入口控制器，使用NGINX作为反向代理和负载均衡器。 Kubernetes ingress-nginx存在安全漏洞，该漏洞源于在某些条件下，未认证的攻击者可通过访问pod网络在ingress-nginx控制器环境中执行任意代码，可能导致Secrets泄露。

Description

POC IngressNightmare (CVE-2025-1974), modified from https://github.com/yoshino-s/CVE-2025-1974

Readme

# POC of IngressNightmare (CVE-2025-1974)

>Developed from:
- https://github.com/yoshino-s/CVE-2025-1974
- https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

Talk is cheap, just look at the code.

Detailed can be found at https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

## Usage

1. Change the ip in `shell.c`
2. Check the docker is available and run `make shell.so`. (We need to build so in alpine to make sure it can works in nginx-ingress-controller which is base on musl-libc)
3. Run `python3 exploit.py` to get your shell.

> You may need to change the range at line 25 and 26, which indicates the range of the pid and fd. The default value is a compromise between the speed and the success rate.

File Snapshot


 [4.0K]  /data/pocs/94b0750893bf00a55f7183317e5b00a3095fef4a
├── [ 328]  build.sh
├── [2.2K]  exploit.py
├── [ 100]  Makefile
├── [ 183]  pyproject.toml
├── [ 734]  README.md
├── [1.8K]  req.json
├── [ 425]  req.yaml
├── [ 715]  shell.c
└── [5.3K]  uv.lock

0 directories, 9 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!