CVE-2025-1098

ingress-nginx controller - configuration injection via unsanitized mirror annotations

CVSS 8.8 HIGHEPSS 83.1%CWE-20

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

kubernetes · ingress-nginx

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/52475unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/kubernetes/kubernetes/issues/131008 https://security.netapp.com/advisory/ntap-20250328-0008/https://www.exploit-db.com/exploits/52475