Forum Discussion

Nimbostratus

Mar 25, 2025

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

Yesterday a set of 5 critical vulnerability was announced in ingress-nginx which allows remote code exec and reading secrets for unauthenticated users. The discoverers have named this #IngressNightma...

security

Jmtaylor

Moderator

Mar 26, 2025

misterpaul

Hello this was released yesterday afternoon in response to your question.

Kubernetes ingress-nginx vulnerabilities CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, and CVE-2025-24514

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

[ASM] - How to disable the SQL injection attack signatures

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Help with SSH Virtual Server

Related Content

The Ingress NGINX Alternative: F5 NGINX Ingress Controller for the Long Term

JWT authorization with NGINX Ingress Controller

IngressNightmare, Next.js critical, More Agents, pwned

Manage Thousands of F5 NGINX Ingress VirtualServerRoutes with Kustomize

Announcing F5 NGINX Ingress Controller v4.0.0

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS