CVE-2025-1974

ADVISORY - github

Summary

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

EPSS Score: 0.91853 (0.997)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Isolation or Compartmentalization

ADVISORY - github

Improper Isolation or Compartmentalization

ADVISORY - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Improper Isolation or Compartmentalization

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

