First published: Mon Mar 24 2025
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.

Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.

Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
Credit: jordan@liggitt.net
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Azure Kubernetes Service Node on Azure Linux | | |
go/k8s.io/ingress-nginx | >=1.12.0-beta.0 <1.12.1 | 1.12.1 |
go/k8s.io/ingress-nginx | <1.11.5 | 1.11.5 |
F5 BIG-IP Next Central Manager | | |
CVE-2025-24514 is considered a high-severity vulnerability due to its potential for remote code execution.
To mitigate CVE-2025-24514, update the ingress-nginx controller to the latest version that patches this vulnerability.
CVE-2025-24514 affects Azure Kubernetes Service clusters, particularly those using the ingress-nginx controller.
CVE-2025-24514 is categorized as a remote code execution vulnerability within Kubernetes.
The potential impacts of CVE-2025-24514 include unauthorized access and control over the Kubernetes environment, leading to data breaches.
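To act on the version ranges in the table above, the following added example (not part of the advisory or of the ingress-nginx project) classifies controller image references against those ranges using SemVer precedence, so that the `1.12.0-beta.0` pre-release boundary is handled correctly. It assumes the image tag reflects the controller version; the function names and sample image references are constructed for illustration.

```python
import re

# Affected ranges from the advisory table: <1.11.5 and >=1.12.0-beta.0 <1.12.1
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$")

def semver_key(version):
    """SemVer sort key: pre-release before release, numeric ids before alphanumeric."""
    m = SEMVER.match(version)
    if not m:
        raise ValueError(f"not a semantic version: {version!r}")
    core = tuple(int(g) for g in m.group(1, 2, 3))
    if m.group(4) is None:
        return core + (1, ())
    ids = tuple((0, int(p), "") if p.isdigit() else (1, 0, p) for p in m.group(4).split("."))
    return core + (0, ids)

def image_tag(image_ref):
    """Return the tag of an image reference, ignoring any @sha256 digest."""
    ref = image_ref.split("@", 1)[0]
    _, sep, tag = ref.rpartition(":")
    if not sep or "/" in tag:  # untagged, or the colon was a registry port
        raise ValueError(f"no tag in image reference: {image_ref!r}")
    return tag

def is_affected(version):
    k = semver_key(version)
    return k < semver_key("1.11.5") or semver_key("1.12.0-beta.0") <= k < semver_key("1.12.1")

def audit(image_refs):
    results = {}
    for ref in image_refs:
        try:
            results[ref] = "AFFECTED" if is_affected(image_tag(ref)) else "not in affected range"
        except ValueError:
            results[ref] = "unknown, check manually"
    return results

# Constructed sample input (image references as they would appear in pod specs).
SAMPLE_IMAGES = [
    "registry.k8s.io/ingress-nginx/controller:v1.11.3",
    "registry.k8s.io/ingress-nginx/controller:v1.11.5",
    "registry.k8s.io/ingress-nginx/controller:v1.12.0-beta.0",
    "registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:" + "0" * 64,
    "registry.example.internal:5000/mirror/controller",
]

if __name__ == "__main__":
    for image, verdict in audit(SAMPLE_IMAGES).items():
        print(f"{verdict:24} {image}")
```

Entries reported as unknown (untagged images, or mirrors that retag) need the controller version confirmed another way, since the check relies on the tag alone.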