Ingress-nginx admission controller RCE escalation (CVE-2025-1974)
25652
24 April 2025
24 April 2025
CLOSED
LOW
9.8 - CRITICAL Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2025-1974
| Brocade Security Advisory ID | Component |
| --- | --- |
| BSA-2025-2934 | Ingress-nginx |
Summary
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) More at: https://github.com/kubernetes/kubernetes/issues/131009
Products Confirmed Not Affected
- Brocade SANnav is not affected. [Vex Status Code: Vulnerable_Component_Not_Present].
- Brocade Fabric OS is not affected. [Vex Status Code: Component_not_present].
- Brocade ASCG is not affected. [Vex Status Code: Component_not_present].
Revision History
| Version | Change | Date |
| --- | --- | --- |
| 1.0 | Initial Publication | 4/24/2025 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.