Forum Discussion

Nimbostratus

Mar 25, 2025

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

Yesterday a set of 5 critical vulnerability was announced in ingress-nginx which allows remote code exec and reading secrets for unauthenticated users. The discoverers have named this #IngressNightmare.

As I understand it, F5's nginx-ingress uses the same codebase.

Can F5 confirm whether nginx-ingress is or is not vulnerable to these vulnerabilities?

Thanks! MisterPaul

References:

https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

security

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

nginx-ingress and CVE-2025-1974 (aka IngressNightmare)

1 Reply

Introducing the F5 Application Study Tool (AST)

Displaying Application Study Tool (AST) Dashboards in Your Own Grafana Instance

Recent Discussions

What dose "Accept" do in BIG-IP ASM event logs

Is anyone using Certbot for F5 certificate automation? If not, what tool do you use?

Change Content-Type from application/octet-stream to multipart/form-data

f5 AI Gateway pii-redactor not working

Terraform apply failures - loadbalancer_type.https.port_choice

Related Content

IngressNightmare, Next.js critical, More Agents, pwned

JWT authorization with NGINX Ingress Controller

Announcing F5 NGINX Ingress Controller v4.0.0

F5 NGINX Automation Examples [Part 1-Deploy F5 NGINX Ingress Controller with App ProtectV5 ]

Integrating Hashicorp Vault with Cert Manager and F5 NGINX Ingress Controller

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS