CVE-2025-1098 is a high-severity configuration injection vulnerability in the Kubernetes ingress-nginx controller. The issue arises from unsafe handling of the mirror-target and mirror-host Ingress annotations, whose values can be manipulated to inject arbitrary directives into the NGINX configuration the controller generates. A remote attacker whose privileges suffice to create or modify Ingress resources can supply crafted annotation values that are incorporated without adequate sanitization. This causes nginx to process attacker-controlled directives and, according to the advisory context, may lead to arbitrary code execution in the context of the ingress-nginx controller. The vulnerability can also expose Kubernetes Secrets accessible to the controller; in common default deployments, that may include Secrets cluster-wide.
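An added audit script (not part of the advisory or of Mallory's page) that walks an IngressList of the shape `kubectl get ingress -A -o json` returns and reports every mirror-target/mirror-host annotation, flagging values containing characters that could terminate or open an nginx directive. It assumes the default `nginx.ingress.kubernetes.io` annotation prefix; the sample data is constructed.

```python
import json
import re

# ingress-nginx annotation keys for traffic mirroring (default annotation prefix assumed).
MIRROR_ANNOTATIONS = (
    "nginx.ingress.kubernetes.io/mirror-target",
    "nginx.ingress.kubernetes.io/mirror-host",
)

# Characters that close or open an nginx directive or block. A legitimate mirror
# target (a URI, possibly with $request_uri) or mirror host never needs them.
INJECTION_CHARS = re.compile(r"[;{}\n\r#]")


def audit_ingress_list(ingress_list: dict) -> list[dict]:
    """Return one finding per mirror annotation present in an IngressList.

    Each finding records namespace/name, the annotation name, the raw value and
    whether the value contains directive-breaking characters.
    """
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        annotations = meta.get("annotations") or {}
        for key, value in annotations.items():
            if key not in MIRROR_ANNOTATIONS:
                continue
            findings.append({
                "ingress": f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}",
                "annotation": key.rsplit("/", 1)[1],
                "value": value,
                "suspicious": bool(INJECTION_CHARS.search(value)),
            })
    return findings


# Constructed sample resembling `kubectl get ingress -A -o json` output (not real data).
SAMPLE_INGRESS_LIST = json.loads("""{"items": [
  {"metadata": {"namespace": "shop", "name": "web",
     "annotations": {"nginx.ingress.kubernetes.io/rewrite-target": "/"}}},
  {"metadata": {"namespace": "shop", "name": "api",
     "annotations": {"nginx.ingress.kubernetes.io/mirror-target": "https://mirror.internal/$request_uri"}}},
  {"metadata": {"namespace": "dev", "name": "canary",
     "annotations": {"nginx.ingress.kubernetes.io/mirror-host": "mirror.example;\\nbogus"}}}
]}""")

if __name__ == "__main__":
    for f in audit_ingress_list(SAMPLE_INGRESS_LIST):
        flag = "SUSPICIOUS" if f["suspicious"] else "review"
        print(f"{flag:10} {f['ingress']:12} {f['annotation']}={f['value']!r}")
```

Feed it the live output of `kubectl get ingress -A -o json` to inventory every use of the mirror annotations before deciding whether to restrict them by policy.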
If you can’t patch tonight, do this now.
mirror-target and mirror-host annotations, and increasing monitoring of ingress-nginx controller logs and Kubernetes API activity for suspicious Ingress changes. General ingress-nginx guidance in the advisory also recommends disabling the Validating Admission Controller as a temporary mitigation for the broader vulnerability set, but the primary mitigation for CVE-2025-1098 is a prompt upgrade and restriction of annotation abuse paths.
Patch, then assume compromise.
mirror-target and mirror-host annotations and investigate for signs of prior compromise, as patching does not remediate historical exploitation.
2 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos.
This repository contains two Python scripts, IngressNightmareV1.py and IngressNightmareV2.py, which are nearly identical in structure and function. Both scripts implement an exploit targeting Kubernetes environments, specifically leveraging exposed ingress endpoints and admission webhooks. The exploit works in two stages: first, it uploads a malicious ELF shared object (provided as a base64-encoded string in the script) to the ingress endpoint via a crafted HTTP POST request. Second, it attempts to brute-force file descriptors on the admission webhook endpoint by sending requests to /proc/{pid}/fd/{fd} paths, potentially exploiting a vulnerability that allows the attacker to keep the malicious file open and trigger its execution. The scripts use threading and concurrent requests to maximize the chance of success. The main capabilities are remote code execution or privilege escalation within a Kubernetes cluster. The scripts require the attacker to provide the ingress and admission webhook URLs as arguments. No hardcoded IPs or domains are present; all endpoints are user-supplied. The payload is a binary ELF shared object, indicating a high level of operational maturity.
This repository provides a functional exploit for unauthenticated remote code execution (RCE) vulnerabilities in the Ingress NGINX Controller for Kubernetes (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974). The exploit consists of a Python script (exploit.py) that orchestrates the attack, a C template (lib_template.c) for generating a malicious shared object (evil_engine.so) containing a reverse shell payload, and a crafted AdmissionReview JSON (review.json) for the admission controller. The workflow involves compiling the shared object with attacker-supplied host and port, uploading it to the ingress pod via a manipulated HTTP POST request, and brute-forcing Linux file descriptors via the admission webhook to trigger the payload. The exploit targets Kubernetes clusters with vulnerable Ingress NGINX Controller versions and requires both the public ingress URL and the internal admission webhook URL. The payload, when loaded, provides a reverse shell to the attacker. The repository is well-structured, with clear separation of exploit logic, payload generation, and supporting files. No hardcoded IPs or domains are present; endpoints are supplied at runtime. The exploit is operational and demonstrates a practical attack chain for cluster compromise.
10 sources tracked across advisories, community write-ups, and news.
One of a set of critical Ingress NGINX Controller vulnerabilities that can lead to unauthenticated remote code execution in Kubernetes environments.
A high-severity configuration injection vulnerability in ingress-nginx controller via unsanitized mirror annotations, potentially allowing attackers to inject malicious NGINX configuration.
One of the ingress-nginx vulnerabilities patched in the March 2025 release; the article groups it among flaws involving nginx configuration handling that could contribute to Secret exposure and cluster takeover.
Ingress-nginx annotation injection issue allowing a low-privileged attacker to inject arbitrary NGINX configuration via mirror-target/mirror-host, potentially enabling remote code execution and traffic-routing manipulation.