CVE-2025-1974: vulnerabilities that could make it easy for attackers to take over your Kubernetes cluster

Submitted ⁨⁨1⁩ ⁨week⁩ ago⁩ by ⁨beerclue@lemmy.world⁩ to ⁨selfhosted@lemmy.world⁩

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

cross-posted from: lemmy.world/post/27407351

When combined with today’s other vulnerabilities, CVE-2025-1974 means that anything on the Pod network has a good chance of taking over your Kubernetes cluster, with no credentials or administrative access required.

source

Comments

Sort:hotnew top

scrubbles@poptalk.scrubbles.tech ⁨1⁩ ⁨week⁩ ago
Great callout, thanks for posting

source
marauding_gibberish142@lemmy.dbzer0.com ⁨1⁩ ⁨week⁩ ago
Isn’t this only for people running NGINX?

source
- irotsoma@lemmy.blahaj.zone ⁨1⁩ ⁨week⁩ ago
  Yes it’s defects in the ingress-nginx controller package.
  
  source