What is the Vulnerability?

On March 24, 2025, researchers disclosed a set of five vulnerabilities, collectively known as "IngressNightmare" (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098 and CVE-2025-1974), affecting ingress-nginx, one of the most popular ingress controllers for Kubernetes. Running ingress-nginx is one of the most common ways to expose Kubernetes applications externally.

CVE-2025-1974 is the most serious of the five and has been assigned a CVSS score of 9.8 (critical). It is a flaw in the ingress-nginx admission controller (the validating webhook), which accepts AdmissionReview requests from anyone who can reach it over the pod network, without authentication. When chained with one of the lower-severity configuration-injection vulnerabilities, it allows unauthenticated remote code execution inside the controller pod. Because the controller has read access to Secrets across the cluster, successful exploitation can expose any sensitive information the controller can reach; an unauthenticated attacker can execute unauthorized code in the controller and, from there, compromise the cluster.

What is the recommended Mitigation?

Kubernetes has responded publicly to the disclosure and encourages users to upgrade to the ingress-nginx releases that remediate all five vulnerabilities, v1.12.1 or v1.11.5: https://github.com/kubernetes/ingress-nginx/releases

FortiGuard Labs recommends that users follow the instructions and mitigation steps in the vendor's advisory and the Kubernetes guidance (Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes):

- First, determine whether your clusters are running ingress-nginx at all; the admission webhook is enabled by default in the upstream manifests and Helm chart.
- Upgrade to a patched release.
- If you cannot upgrade right away, enforce strict network policies so that only the Kubernetes API server can reach the admission controller.
- Alternatively, temporarily disable the admission controller component of ingress-nginx until you can upgrade, and re-enable it afterwards, since it is what validates Ingress objects before they are applied.

What FortiGuard Coverage is available?

Lacework FortiCNAPP provides continuous security and posture analysis (see the Fortinet Community post "How does Lacework FortiCNAPP Protect from…"):

- Behavior anomaly detection flags activity consistent with exploitation of CVE-2025-1974, such as unexplained container processes and suspicious user activity.
- Posture analysis detects high-risk Kubernetes settings, such as enabled snippet annotations, and identifies related misconfigurations (for example, privileged containers or open service ports).

The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

FortiGuard Labs will provide updates as more information becomes available.
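The mitigation steps above (inventory the cluster, check the controller version, restrict who can reach the webhook) as a runnable script. This is an added example, not FortiGuard's or the ingress-nginx project's code. It assumes the fixed releases v1.12.1 and v1.11.5 named in the Kubernetes post, the upstream pod label app.kubernetes.io/name=ingress-nginx, and the default webhook container port 8443; the API server CIDR, namespace and policy name are placeholders you supply.

```shell
#!/bin/sh
# Added example: audit a cluster for unpatched ingress-nginx and emit a
# stop-gap NetworkPolicy. Not FortiGuard's or the ingress-nginx project's code.
# Assumptions: fixed releases are v1.11.5 and v1.12.1; controller pods carry
# the upstream label app.kubernetes.io/name=ingress-nginx; webhook port is 8443.

# is_patched TAG -> exit 0 if TAG is a controller release containing the fix,
# 1 otherwise. Anything that is not a plain release tag (latest, rc, digest
# only, empty) is treated as unpatched, the conservative answer for an audit.
is_patched() {
    v=${1#v}
    v=${v%%@*}                        # drop an "@sha256:..." digest suffix
    case "$v" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    major=${v%%.*};    rest=${v#"$major"};    rest=${rest#.}
    minor=${rest%%.*}; rest=${rest#"$minor"}; rest=${rest#.}
    patch=${rest%%.*}
    [ "${major:-0}" -gt 1 ] && return 0
    [ "${major:-0}" -eq 1 ] || return 1
    case "${minor:-0}" in
        12) [ "${patch:-0}" -ge 1 ] ;;    # fixed in 1.12.1
        11) [ "${patch:-0}" -ge 5 ] ;;    # fixed in 1.11.5
        *)  [ "${minor:-0}" -gt 12 ] ;;   # newer minors carry the fix; 1.10 and older do not
    esac
}

# audit_cluster: list every ingress-nginx controller image in the cluster and
# flag those without the fix. Needs kubectl and cluster access.
audit_cluster() {
    kubectl get pods --all-namespaces \
        --selector app.kubernetes.io/name=ingress-nginx \
        -o jsonpath='{range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{" "}{.spec.containers[0].image}{"\n"}{end}' |
    while read -r ns pod image; do
        img=${image%%@*}              # strip digest before looking for the tag
        tag=${img##*:}                # untagged images fall through as UNPATCHED
        if is_patched "$tag"; then s=patched; else s=UNPATCHED; fi
        printf '%s/%s %s %s\n' "$ns" "$pod" "$image" "$s"
    done
}

# admission_netpol CIDR [NAMESPACE]: print a NetworkPolicy that lets only the
# given CIDR (placeholder: the address range your API server reaches pods from)
# hit the webhook port, while leaving HTTP/HTTPS open to everyone.
# Pipe into "kubectl apply -f -". Only effective if your CNI enforces NetworkPolicy.
admission_netpol() {
    cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-nginx-admission-apiserver-only
  namespace: ${2:-ingress-nginx}
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/component: controller
  policyTypes:
  - Ingress
  ingress:
  - from:
    - ipBlock:
        cidr: $1
    ports:
    - protocol: TCP
      port: 8443
  - ports:
    - protocol: TCP
      port: 80
    - protocol: TCP
      port: 443
EOF
}

# If you can neither upgrade nor scope the network, the Kubernetes post's last
# resort is to switch the webhook off until you can:
#   kubectl delete validatingwebhookconfiguration ingress-nginx-admission
#   then remove --validating-webhook from the controller container's args
#   (Helm: --set controller.admissionWebhooks.enabled=false)
# and turn it back on after upgrading, since it is what rejects bad Ingress objects.

case "${1:-}" in
    audit)  audit_cluster ;;
    netpol) admission_netpol "$2" "$3" ;;
esac
```

Run it as `sh audit.sh audit` to get one line per controller pod with its image and a patched/UNPATCHED verdict, and `sh audit.sh netpol 10.0.0.5/32 | kubectl apply -f -` to apply the stop-gap policy. Two caveats: the policy also blocks anything else that talked to the controller pod (for example a metrics scraper on 10254), so add rules for those before applying; and on managed clusters the API server may reach pods through a NAT address rather than its advertised IP, so verify the CIDR by checking where webhook calls actually arrive from before relying on it.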