The Kubernetes project has released patches for five vulnerabilities in a widely used component known as the Ingress NGINX Controller that’s used to route external traffic to Kubernetes services. If exploited, the flaw could allow attackers to completely take over entire clusters.
“Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering over 6,500 clusters, including Fortune 500 companies, that publicly expose vulnerable Kubernetes ingress controllers’ admission controllers to the public internet — putting them at immediate critical risk,” wrote researchers from cloud security firm Wiz who found and reported the issues.
Collectively dubbed IngressNightmare by the Wiz research team, the vulnerabilities are tracked as CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974. They were fixed in versions 1.12.1 and 1.11.5 of Ingress NGINX Controller (Ingress-NGINX) released on Monday. A fifth flaw, tracked as CVE-2025-24513, was also identified and patched in these releases.