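Related vulnerability
Title: Kubernetes ingress-nginx security vulnerability (CVE-2025-1974)
Description: Kubernetes ingress-nginx is an open-source ingress controller for Kubernetes from the Cloud Native Computing Foundation that uses NGINX as a reverse proxy and load balancer. Kubernetes ingress-nginx contains a security vulnerability: under certain conditions, an unauthenticated attacker with access to the pod network can execute arbitrary code in the context of the ingress-nginx controller, which may lead to disclosure of Secrets.
Description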
PoC for CVE-2025-1974: Critical RCE in Ingress-NGINX (<v1.12.1) via unsafe config injection. Exploitable from the pod network without credentials, enabling code execution and potential cluster takeover. Fixed in v1.12.1 and v1.11.5. For research/education only.
Introduction
⚠️ Critical RCE in Ingress-NGINX via Configuration Injection (**CVE-2025-1974** and more)

This repository contains a proof-of-concept (PoC) exploit for **CVE-2025-1974**, a Critical (**CVSS 9.8**) vulnerability in the Ingress-NGINX controller for Kubernetes. This flaw allows unauthenticated remote code execution via unsafe configuration injection when using the Validating Admission Controller. It is the most serious of a set of five vulnerabilities disclosed and patched on March 26, 2025.

📌 Impact:
• Affected Versions: Ingress-NGINX controller prior to v1.12.1 / v1.11.5
• Attack Surface:
  • Exploitable by any workload on the Pod network; no credentials or admin privileges required
  • Attackers can inject arbitrary NGINX directives (e.g., content_by_lua_block) via annotations like configuration-snippet
  • When combined with misconfigurations, attackers can exfiltrate Secrets or achieve full cluster compromise
• Scope:
  • Ingress-NGINX often has access to all cluster Secrets by default
  • Pods in a typical cloud VPC or corporate network can reach the admission controller endpoint
  • Affected clusters include those running Ingress-NGINX with admission control enabled (default in many setups)

🛡️ Mitigation:
• Upgrade to Ingress-NGINX v1.12.1 or v1.11.5
• Disable risky annotations (configuration-snippet, server-snippet, etc.)
• Lock down network access to the Validating Admission Webhook
• Apply strict RBAC to prevent unauthorized Ingress creation

🧪 This PoC demonstrates how attackers can leverage the vulnerability to run arbitrary code inside the ingress controller pod, which often has access to internal services and secrets, escalating to full cluster takeover in vulnerable configurations.

🚨 Disclaimer: This PoC is for educational and research purposes only. Do not use it without explicit permission.
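The first two mitigations above can be checked with a short audit script. This is an added example, not code from the PoC repository or the ingress-nginx project: it compares a controller image tag with the fixed releases named on this page and lists Ingress objects that use the snippet annotations. It assumes the default annotation prefix `nginx.ingress.kubernetes.io/` and input shaped like `kubectl get ingress -A -o json`; the sample data is constructed.

```python
import re

# Fixed releases named on this page.
FIXED_1_11 = (1, 11, 5)
FIXED_1_12 = (1, 12, 1)
# Annotations the page names as risky. PREFIX is the controller's default
# (assumption: --annotations-prefix has not been changed in this cluster).
PREFIX = "nginx.ingress.kubernetes.io/"
RISKY = ("configuration-snippet", "server-snippet")

def is_patched(image):
    """True/False for a parseable controller image tag, None if no x.y.z tag."""
    m = re.search(r":v?(\d+)\.(\d+)\.(\d+)", image)
    if not m:
        return None  # e.g. ":latest" or digest-only: resolve the version by hand
    ver = tuple(int(part) for part in m.groups())
    if ver[:2] == (1, 12):
        return ver >= FIXED_1_12
    return ver >= FIXED_1_11

def risky_annotations(ingress_list):
    """Return sorted (namespace, name, annotation) for each snippet annotation."""
    hits = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        for key in meta.get("annotations") or {}:
            if key.startswith(PREFIX) and key[len(PREFIX):] in RISKY:
                hits.append((meta.get("namespace", "default"), meta.get("name"), key))
    return sorted(hits)

# Constructed sample in the shape of `kubectl get ingress -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "web", "annotations": {
        PREFIX + "configuration-snippet": 'more_set_headers "X-Frame-Options: DENY";'}}},
    {"metadata": {"namespace": "shop", "name": "api", "annotations": {
        PREFIX + "rewrite-target": "/"}}},
    {"metadata": {"namespace": "ops", "name": "grafana"}},  # no annotations at all
]}

if __name__ == "__main__":
    for image in ("registry.k8s.io/ingress-nginx/controller:v1.12.0",
                  "registry.k8s.io/ingress-nginx/controller:v1.11.5"):
        print(image, "patched" if is_patched(image) else "NOT patched")
    for ns, name, key in risky_annotations(SAMPLE):
        print(f"review {ns}/{name}: {key}")
```

A `None` result from `is_patched` means the tag carries no version, so the running controller version has to be confirmed another way before treating the cluster as fixed.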
File snapshot
[4.0K] /data/pocs/d10c742dae934f099d82c599245ad27ea4a5a748
├── [2.6K] IngressNightmare.py
└── [1.9K] README.md
0 directories, 2 files