CVE-2025-24514 Scanner
CVE-2025-24514 Scanner - Configuration Injection vulnerability in Ingress-Nginx Controller
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 19 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Ingress-Nginx is a widely used Ingress controller for Kubernetes that routes external traffic to services inside the cluster. It provides traffic management features such as load balancing and SSL termination, and DevOps teams deploy it to manage traffic to their applications, especially in cloud-based and containerized environments. Its flexibility and scalability make it a common choice for Kubernetes users. Because of its central role in traffic management, a vulnerability in the Ingress-Nginx controller can have a significant impact on the security of a Kubernetes cluster, and it is critical in systems that rely on Ingress-Nginx for secure and reliable traffic handling.
The vulnerability allows an attacker to inject arbitrary configuration into the Nginx controller through the `auth-url` annotation on Ingress resources. The injected configuration can result in arbitrary code execution in the context of the Nginx controller, breaching the security of the system. The root cause is that the value of the `auth-url` annotation is not sanitized, which lets an attacker manipulate the controller's configuration. Exploitation carries significant risks, such as disclosure of secrets and remote code execution within the cluster.
This vulnerability affects the `auth-url` Ingress annotation in Ingress-Nginx. An attacker can create a malicious Ingress resource whose `auth-url` annotation contains a specially crafted URL. The annotation is intended to configure an authentication URL, but because its value is not properly sanitized, it can be used to inject additional configuration, such as `load_module` directives, into the Nginx configuration. This could enable arbitrary code execution within the Nginx process and potentially compromise the entire Kubernetes cluster. In addition, the default configuration allows the controller to access all secrets within the cluster, which increases the severity of the vulnerability.
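A defensive audit for the annotation described above, as an added example that is not part of the original page or the scanner's own logic: it takes the parsed output of `kubectl get ingress -A -o json` and flags `auth-url` values that contain characters with meaning in Nginx configuration syntax or that are not absolute http(s) URLs. The full annotation key (the default `nginx.ingress.kubernetes.io` prefix), the character list and the sample objects are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed default ingress-nginx annotation prefix; the page names only `auth-url`.
AUTH_URL_KEY = "nginx.ingress.kubernetes.io/auth-url"
# Whitespace, control characters and characters with meaning in nginx config syntax.
SUSPICIOUS = re.compile(r"""[\s;{}#"'\\\x00-\x1f\x7f]""")

def check_auth_url(value):
    """Return the reasons a value looks unsafe; an empty list means it passed."""
    reasons = []
    if SUSPICIOUS.search(value):
        reasons.append("whitespace, control or nginx-syntax character present")
    try:
        parts = urlsplit(value)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            reasons.append("not an absolute http(s) URL")
    except ValueError:
        reasons.append("does not parse as a URL")
    return reasons

def audit_ingresses(ingress_list):
    """Scan parsed `kubectl get ingress -A -o json` output; return flagged items."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        value = (meta.get("annotations") or {}).get(AUTH_URL_KEY)
        if value is None:
            continue  # Ingress does not use external auth
        reasons = check_auth_url(value)
        if reasons:
            findings.append((meta.get("namespace"), meta.get("name"), reasons))
    return findings

def _ing(ns, name, annotations=None):
    # Hypothetical helper that builds a minimal Ingress-shaped dict for the sample.
    return {"metadata": {"namespace": ns, "name": name, "annotations": annotations}}

# Constructed sample objects (not real cluster data, not a working payload).
SAMPLE = {"items": [
    _ing("shop", "web", {AUTH_URL_KEY: "https://auth.example.internal/verify"}),
    _ing("dev", "test-a", {AUTH_URL_KEY: "http://auth.example.internal/check\n# constructed extra line"}),
    _ing("dev", "test-b", {AUTH_URL_KEY: "auth.example.internal/check"}),
    _ing("dev", "plain"),
]}

if __name__ == "__main__":
    for ns, name, reasons in audit_ingresses(SAMPLE):
        print(f"{ns}/{name}: {'; '.join(reasons)}")
```

An empty result only means no stored Ingress carries a malformed `auth-url` value; it says nothing about whether the controller itself is affected.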
If this vulnerability is exploited, it could lead to arbitrary code execution within the Nginx controller, allowing an attacker to take full control of the ingress controller. The attacker could inject malicious configurations, execute arbitrary commands, or modify the Nginx setup to bypass security controls. Exploitation can also result in the disclosure of sensitive data, including Kubernetes secrets, that is accessible to the controller. Furthermore, it may lead to service disruption and data loss, and may allow the attacker to pivot to other components within the Kubernetes cluster.