Forum Discussion

Nimbostratus

Mar 25, 2025

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

Yesterday a set of 5 critical vulnerability was announced in ingress-nginx which allows remote code exec and reading secrets for unauthenticated users. The discoverers have named this #IngressNightmare.

As I understand it, F5's nginx-ingress uses the same codebase.

Can F5 confirm whether nginx-ingress is or is not vulnerable to these vulnerabilities?

Thanks! MisterPaul

References:

https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

security

1 Reply

Jmtaylor
Moderator
Mar 26, 2025
misterpaul

Hello this was released yesterday afternoon in response to your question.

Kubernetes ingress-nginx vulnerabilities CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, and CVE-2025-24514

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

1 Reply

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Cisco TACACS+ Config on ISE LTM Pair

Illegal Metacharacter in Parameter Name in Json Data

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

How can I get started with iCall

Related Content

JWT authorization with NGINX Ingress Controller

IngressNightmare, Next.js critical, More Agents, pwned

Manage Thousands of F5 NGINX Ingress VirtualServerRoutes with Kustomize

Announcing F5 NGINX Ingress Controller v4.0.0

NGINX ingress proxy for Consul Service Mesh

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS