The Kubernetes project has released patches for 5 vulnerabilities in a widely used component called the Ingress NGINX Controller, which routes external traffic to Kubernetes services. If exploited, the flaws could allow attackers to completely take over entire clusters.
“Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering over 6,500 clusters, including Fortune 500 companies, that publicly expose vulnerable Kubernetes ingress controllers’ admission controllers to the public internet — putting them at immediate critical risk,” wrote researchers from cloud security firm Wiz, who found and reported the flaws.
Collectively dubbed IngressNightmare by the Wiz research team, the vulnerabilities are tracked as CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974. They were fixed in versions 1.12.1 and 1.11.5 of Ingress NGINX Controller (Ingress-NGINX), released on Monday. A fifth flaw, tracked as CVE-2025-24513, was also identified and patched in these releases.