Forum Discussion

Nimbostratus

Mar 25, 2025

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

Yesterday a set of 5 critical vulnerability was announced in ingress-nginx which allows remote code exec and reading secrets for unauthenticated users. The discoverers have named this #IngressNightma...

security

Jmtaylor

Moderator

Mar 26, 2025

misterpaul

Hello this was released yesterday afternoon in response to your question.

Kubernetes ingress-nginx vulnerabilities CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, and CVE-2025-24514

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Cisco TACACS+ Config on ISE LTM Pair

Illegal Metacharacter in Parameter Name in Json Data

AS3 declaration to set cookie to preferred

SSL Bridging and FQDN rewrite Policy

Checking for X-Forwarded-For against an Address Data-Group

Related Content

JWT authorization with NGINX Ingress Controller

IngressNightmare, Next.js critical, More Agents, pwned

Manage Thousands of F5 NGINX Ingress VirtualServerRoutes with Kustomize

Announcing F5 NGINX Ingress Controller v4.0.0

NGINX ingress proxy for Consul Service Mesh

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS