Advisory Published
Updated

F5-K000150538

First published: Tue Mar 25 2025(Updated: )

CVE-2025-1097 (also known as IngressNightmare) A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) CVE-2025-1098 (also known as IngressNightmare) A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) CVE-2025-1974 (also known as IngressNightmare) A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) CVE-2025-24514 (also known as IngressNightmare) A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Affected SoftwareAffected VersionHow to fix
F5 BIG-IP Next Central Manager

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of F5-K000150538?

    The severity of F5-K000150538 is critical due to the potential for arbitrary code execution.

  • How do I fix F5-K000150538?

    To mitigate F5-K000150538, ensure that you do not use the `auth-tls-match-cn` Ingress annotation in your configurations.

  • What systems are affected by F5-K000150538?

    F5-K000150538 affects the F5 BIG-IP Next Central Manager software.

  • Can F5-K000150538 result in data exposure?

    Yes, F5-K000150538 can potentially lead to unauthorized access and data exposure.

  • Is there a workaround for F5-K000150538?

    Currently, no official workaround exists for F5-K000150538 aside from avoiding the vulnerable Ingress annotation.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203