CVE-2025-1097 is a high-severity configuration injection vulnerability in the Kubernetes ingress-nginx controller. The issue arises from unsafe handling of the auth-tls-match-cn Ingress annotation, which can be used to inject attacker-controlled configuration into the generated nginx configuration. By supplying a crafted Ingress object containing a malicious auth-tls-match-cn value, an attacker with low privileges sufficient to create or modify Ingress resources can cause nginx to process unintended directives. The available reporting states this can lead to arbitrary code execution in the context of the ingress-nginx controller and disclosure of Kubernetes Secrets accessible to that controller. Because ingress-nginx commonly has broad Secret access and in default installations may access Secrets cluster-wide, the vulnerability can materially increase blast radius beyond the ingress component itself. Affected versions are ingress-nginx controller versions prior to v1.11.5 and v1.12.1.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
auth-tls-match-cn annotation. Apply least-privilege RBAC to ingress management workflows, monitor ingress-nginx logs and Kubernetes API activity for suspicious Ingress updates, and reduce the controller's Secret access where operationally feasible. General ingress-nginx guidance in the available reporting also recommends following vendor hardening guidance and increasing monitoring and detection; note, however, that the temporary mitigation of disabling the Validating Admission Controller is primarily associated with CVE-2025-1974 rather than with this annotation flaw.

Patch, then assume compromise.

auth-tls-match-cn annotation. Because patching does not remediate prior compromise, rotate any potentially exposed Secrets and investigate controller and cluster activity for signs of exploitation.
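As an added defensive check (not code from this page or from the ingress-nginx project), the following Python audits Ingress manifests for auth-tls-match-cn values containing nginx configuration metacharacters and flags controller versions inside the affected ranges the page states. The full annotation key is the one ingress-nginx uses; the metacharacter set is a heuristic of my own, and the sample Ingress objects are constructed.

```python
import re

# Full annotation key as used by ingress-nginx; the page names only the suffix.
MATCH_CN_KEY = "nginx.ingress.kubernetes.io/auth-tls-match-cn"

# Characters that can terminate a directive or open/close a block in nginx
# configuration. Heuristic (assumption), not the project's own validator:
# any value containing one of these deserves manual review.
SUSPECT_CHARS = set(";{}#$\n\r")


def parse_version(tag):
    """'v1.11.4' -> (1, 11, 4); returns None if the tag is not x.y.z."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def controller_is_affected(tag):
    """Affected ranges as stated on the page: prior to v1.11.5 and prior to v1.12.1."""
    v = parse_version(tag)
    if v is None:
        raise ValueError(f"unparseable controller version tag: {tag!r}")
    return v < (1, 11, 5) or (1, 12, 0) <= v < (1, 12, 1)


def audit_ingress(ingress):
    """Return findings for one Ingress manifest (a dict parsed from JSON/YAML)."""
    meta = ingress.get("metadata", {})
    name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    value = (meta.get("annotations") or {}).get(MATCH_CN_KEY)
    findings = []
    if value is None:
        return findings  # annotation not used on this Ingress
    bad = sorted(c for c in SUSPECT_CHARS if c in value)
    if bad:
        findings.append(f"{name}: {MATCH_CN_KEY} contains config metacharacters {bad!r}")
    elif not value.startswith("CN="):
        findings.append(f"{name}: {MATCH_CN_KEY} value does not start with 'CN='")
    return findings


def audit_all(ingresses):
    """Flatten findings across a list of Ingress manifests."""
    return [f for ing in ingresses for f in audit_ingress(ing)]


# Constructed sample objects (not real cluster data): one benign, one suspicious.
SAMPLE_INGRESSES = [
    {"metadata": {"namespace": "prod", "name": "api",
                  "annotations": {MATCH_CN_KEY: "CN=client.example.com"}}},
    {"metadata": {"namespace": "dev", "name": "test",
                  "annotations": {MATCH_CN_KEY: "CN=x;\nabc {"}}},
]

if __name__ == "__main__":
    print("controller v1.11.4 affected:", controller_is_affected("v1.11.4"))
    for finding in audit_all(SAMPLE_INGRESSES):
        print("FINDING:", finding)
```

Feed it the output of `kubectl get ingress -A -o json` (the `items` list) to sweep a whole cluster.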
This repository contains two Python scripts, IngressNightmareV1.py and IngressNightmareV2.py, which are nearly identical in structure and function. Both scripts implement an exploit targeting Kubernetes environments, specifically leveraging exposed ingress endpoints and admission webhooks. The exploit works in two stages: first, it uploads a malicious ELF shared object (provided as a base64-encoded string in the script) to the ingress endpoint via a crafted HTTP POST request. Second, it attempts to brute-force file descriptors on the admission webhook endpoint by sending requests to /proc/{pid}/fd/{fd} paths, potentially exploiting a vulnerability that allows the attacker to keep the malicious file open and trigger its execution. The scripts use threading and concurrent requests to maximize the chance of success. The main capabilities are remote code execution or privilege escalation within a Kubernetes cluster. The scripts require the attacker to provide the ingress and admission webhook URLs as arguments. No hardcoded IPs or domains are present; all endpoints are user-supplied. The payload is a binary ELF shared object, indicating a high level of operational maturity.
This repository provides a functional exploit for unauthenticated remote code execution (RCE) vulnerabilities in the Ingress NGINX Controller for Kubernetes (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974). The exploit consists of a Python script (exploit.py) that orchestrates the attack, a C template (lib_template.c) for generating a malicious shared object (evil_engine.so) containing a reverse shell payload, and a crafted AdmissionReview JSON (review.json) for the admission controller. The workflow involves compiling the shared object with attacker-supplied host and port, uploading it to the ingress pod via a manipulated HTTP POST request, and brute-forcing Linux file descriptors via the admission webhook to trigger the payload. The exploit targets Kubernetes clusters with vulnerable Ingress NGINX Controller versions and requires both the public ingress URL and the internal admission webhook URL. The payload, when loaded, provides a reverse shell to the attacker. The repository is well-structured, with clear separation of exploit logic, payload generation, and supporting files. No hardcoded IPs or domains are present; endpoints are supplied at runtime. The exploit is operational and demonstrates a practical attack chain for cluster compromise.
11 sources tracked across advisories, community write-ups, and news.
One of a set of critical Ingress NGINX Controller vulnerabilities that can lead to unauthenticated remote code execution in Kubernetes environments.
A high-severity configuration injection vulnerability in ingress-nginx controller via unsanitized auth-tls-match-cn annotation, potentially allowing attackers to inject malicious NGINX configuration.
One of the ingress-nginx vulnerabilities patched in the March 2025 release; the article groups it among flaws involving nginx configuration handling that could contribute to Secret exposure and cluster takeover.
Ingress-nginx annotation injection issue allowing a low-privileged attacker to inject malicious NGINX configuration via auth-tls-match-cn, potentially leading to remote code execution and traffic-routing manipulation.