CVE-2025-1974 is a critical vulnerability in Kubernetes ingress-nginx in which an unauthenticated attacker who can reach the ingress-nginx admission webhook can exploit configuration-injection flaws through the Validating Admission Controller and achieve arbitrary code execution in the context of the ingress-nginx controller. The issue affects ingress-nginx releases prior to the patched versions v1.11.5 and v1.12.1. The available reporting indicates the flaw is reachable over the pod network by design, because the admission webhook endpoint does not require authentication and, in common deployments, any workload on the pod network can communicate with it. Public reporting further states that this issue can be chained with the related ingress-nginx configuration-injection vulnerabilities disclosed alongside it, enabling remote code execution and broader cluster compromise. Because ingress-nginx commonly has access to Kubernetes Secrets, including cluster-wide Secret access in default installations, successful exploitation can expose sensitive material and facilitate takeover of the cluster.
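As a defender-side check added here (not code from the page's sources), the following Python helper decides whether an ingress-nginx controller image reference falls before the patched releases named above, treating each minor branch separately: v1.11.x is fixed from v1.11.5, v1.12.x from v1.12.1, older branches received no fix, and branches cut after the fix are treated as unaffected. The image reference format handling and the sample references are assumptions.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# Patched releases named in the advisory text for CVE-2025-1974, keyed by branch.
PATCHED: Dict[Tuple[int, int], Version] = {
    (1, 11): (1, 11, 5),
    (1, 12): (1, 12, 1),
}

# Matches tags such as "v1.11.4" or "1.12.0-rc1" (prefix match, suffix ignored).
TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(image: str) -> Optional[Version]:
    """Extract (major, minor, patch) from an image reference like
    'registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:...'.
    Returns None for digest-only references or non-semver tags."""
    ref = image.split("@", 1)[0]          # drop any digest
    last = ref.rsplit("/", 1)[-1]         # "controller:v1.11.4" or "controller"
    if ":" not in last:                   # registry ports live before the last "/"
        return None
    tag = ref.rsplit(":", 1)[-1]
    m = TAG_RE.match(tag)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(image: str) -> Optional[bool]:
    """True if the controller version predates the fix on its branch,
    False if fixed or unaffected, None if the version cannot be determined
    (e.g. digest-pinned image) and needs manual review."""
    v = parse_version(image)
    if v is None:
        return None
    branch = (v[0], v[1])
    fixed = PATCHED.get(branch)
    if fixed is not None:
        return v < fixed
    # No patched release on this branch: older branches never received the fix,
    # branches after v1.12 were released with the fix already in place (assumed).
    return branch < (1, 11)


def audit(images: Iterable[str]) -> Dict[str, Optional[bool]]:
    """Map each controller image reference to its vulnerability status."""
    return {img: is_vulnerable(img) for img in images}


if __name__ == "__main__":
    # Constructed sample references, as a pod listing might yield them.
    sample = [
        "registry.k8s.io/ingress-nginx/controller:v1.11.4",
        "registry.k8s.io/ingress-nginx/controller:v1.11.5",
        "registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:0123abcd",
        "registry.k8s.io/ingress-nginx/controller:v1.12.1",
        "localhost:5000/ingress-nginx/controller:v1.10.1",
        "registry.k8s.io/ingress-nginx/controller@sha256:deadbeef",
    ]
    for img, status in audit(sample).items():
        label = {True: "VULNERABLE", False: "fixed/unaffected", None: "unknown"}[status]
        print(f"{label:18} {img}")
```

In a live cluster the input list would come from the container image fields of the ingress-nginx controller pods; a None result means the tag does not carry a version and the running digest must be resolved by hand.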
This repository contains a fully operational exploit for CVE-2025-1974, a critical unauthenticated remote code execution vulnerability in Kubernetes ingress-nginx (admission controller). The exploit is implemented in Go, with a C payload (danger.c) compiled into a shared object (danger.so). The attack works by uploading a malicious .so file to the ingress-nginx pod via a large HTTP POST, then sending a crafted AdmissionReview request to the admission webhook, which injects a configuration directive (ssl_engine) to load the .so file. When nginx reloads its configuration (triggered by the webhook), the malicious .so is loaded, executing arbitrary code (reverse shell, bind shell, or custom command) in the pod context. The exploit is highly configurable, supporting multiple attack modes and targeting several related CVEs via different annotation injection vectors. The codebase is well-structured, with clear separation between payload generation (payload.go), exploitation logic (exploit.go), and CLI handling (main.go). The README provides detailed usage instructions, affected versions, and mitigation advice. The exploit targets network endpoints within the Kubernetes cluster and leverages file paths for payload delivery and execution. This is a high-impact, operational-level exploit suitable for red team or advanced penetration testing scenarios.
This repository contains a working exploit for CVE-2025-1974, a remote code execution vulnerability in Kubernetes Ingress-nginx via a vulnerable admission webhook. The main file, cve-2025-1974-exploit.py, is a Python script that crafts a malicious Ingress resource with a Lua code injection in the nginx.ingress.kubernetes.io/configuration-snippet annotation. This payload is wrapped in an AdmissionReview request and sent to the target's admission webhook endpoint (e.g., http://localhost:8443/networking/v1/ingresses). If successful, the exploit allows arbitrary command execution as root on the target, with the output returned to the attacker. The repository is structured simply, with a README providing usage instructions and the exploit script itself. The exploit is operational and demonstrates the vulnerability with customizable commands.
This repository provides a full exploit chain for CVE-2025-1974 (IngressNightmare), a critical unauthenticated remote code execution vulnerability in Kubernetes ingress-nginx prior to v1.11.5 and v1.12.1. The exploit works by uploading a malicious shared object (.so) file to the ingress-nginx pod using a large HTTP POST request, then triggering the admission webhook to reload nginx with a config that loads the malicious .so via the ssl_engine directive. The C payload (danger.c) provides reverse shell, bind shell, or arbitrary command execution capabilities. The Go code (main.go, exploit.go, payload.go) orchestrates the attack, allowing the user to specify the mode (reverse shell, bind shell, command), target endpoints, and payload customization. The repository includes configuration files (bad_config.conf), build scripts (Makefile, build.yaml, goreleaser.yaml), and a detailed README with usage instructions and mitigation advice. The exploit is operational and can be used to fully compromise vulnerable ingress-nginx pods and, by extension, Kubernetes clusters.
This repository provides a full exploit chain targeting Kubernetes clusters with an NGINX Ingress controller and an admission webhook. The main components are:

- `shell.c`: C source code for a reverse shell payload, compiled as a shared object (`shell.so`). The IP and port for the reverse shell are hardcoded and must be set by the attacker before building.
- `build.sh` and `run_build.sh`: Scripts to build the payload inside an Alpine Linux Docker container, producing a stripped and truncated shared object for stealth.
- `review.json`: A Kubernetes AdmissionReview object template, used as part of the exploit to manipulate the admission webhook.
- `xpl.py`: The main exploit script. It performs two actions: (1) uploads the malicious `shell.so` to the ingress endpoint, keeping the file open, and (2) brute-forces the admission webhook by sending crafted AdmissionReview requests with manipulated file descriptor paths, attempting to trigger the loading of the attacker's shared object.

The exploit is operational and requires the attacker to specify the ingress and admission webhook URLs, as well as the reverse shell host/port. The attack vector is network-based, targeting exposed Kubernetes ingress and webhook endpoints. The exploit is not part of a framework and is a standalone operational exploit with a customizable payload.
This repository provides a full operational exploit for CVE-2025-1974, a critical unauthenticated remote code execution vulnerability in Kubernetes ingress-nginx (prior to v1.11.5 and v1.12.1). The exploit consists of:

- A C source file (danger.c) that is compiled into a malicious shared object (.so) capable of providing a reverse shell, bind shell, or arbitrary command execution when loaded by NGINX.
- Go code (main.go, exploit.go, payload.go) that orchestrates the attack: uploading the .so file to the ingress controller via a large HTTP POST, then triggering the admission webhook to inject a configuration directive (ssl_engine) that loads the malicious .so file.
- Support for multiple attack modes (reverse shell, bind shell, command execution), customizable via command-line flags. It also supports advanced usage such as targeting specific file descriptors or using different injection vectors (auth-url, auth-tls-match-cn, mirror-uid).
- A Makefile that automates building the .so payload and testing the exploit locally.
- Configuration and template files (bad_config.conf, validate.json) to facilitate exploitation and testing.

The exploit targets internal Kubernetes network endpoints, specifically the ingress-nginx controller and its admission webhook, and leverages file paths such as /root/so/danger.so and /proc/[pid]/fd/[fd] for payload delivery and execution. The exploit is operational and can be used to achieve full cluster compromise if the target is vulnerable and properly configured.
This repository provides a proof-of-concept (PoC) exploit for CVE-2025-1974, targeting Kubernetes Ingress controllers (likely NGINX Ingress) via the AdmissionReview API. The main script, 'poc.py', is a Python tool that automates sending a crafted JSON payload (from 'poc.json') to a list of target IP addresses over HTTPS (default port 8443). The script uses 'curl' to POST the payload, classifies responses as success or failure, and generates XML reports for each. The payload attempts to create a Kubernetes Ingress object with potentially malicious annotations, aiming to exploit the referenced vulnerability. The repository is structured with a single main exploit script, a sample payload, and documentation. No hardcoded IPs or domains are present; targets are supplied by the user at runtime. The exploit is a PoC and does not include weaponized or post-exploitation features.
This repository provides a working exploit for CVE-2025-1974, a vulnerability in the Kubernetes Ingress-NGINX Admission Controller that allows unauthenticated attackers to inject malicious Ingress resources and potentially achieve remote code execution (RCE). The exploit consists of a Python script (exploit.py) that orchestrates the attack by uploading a malicious shared object (compiled from shell.c) to the Ingress controller and then brute-forcing file descriptors via the Admission Controller's webhook endpoint. The shell.c payload, when executed, creates a file (/tmp/hacked) on the target as a proof of code execution. The repository includes a docker-compose.yml for setting up a vulnerable test environment and a README.md with detailed usage instructions. The exploit targets network-exposed Admission Controller endpoints and demonstrates the risk of unauthenticated access. The code is operational and can be adapted for more advanced payloads.
This repository provides a working exploit for CVE-2025-1974, a critical vulnerability in the Kubernetes Ingress-NGINX Admission Controller. The exploit chain abuses the Admission Controller's lack of authentication to inject malicious configuration into Ingress resources, ultimately forcing NGINX to load a user-supplied shared object. The repository includes:

- A Python proof-of-concept (poc.py) that orchestrates the attack: it uploads a malicious shared object to the Ingress controller and then brute-forces file descriptors via crafted AdmissionReview requests to the Admission Controller endpoint.
- A C source file (shell.c) for the payload, which, when compiled to shell.so, creates a file (/tmp/hacked) as a demonstration of code execution.
- A docker-compose.yml for setting up a vulnerable test environment using the vulhub/ingress-nginx:1.9.5 image.
- A README.md with detailed instructions and background on the vulnerability and exploit chain.

The exploit is operational and demonstrates arbitrary code execution inside the ingress-nginx container. It requires network access to both the Admission Controller and Ingress endpoints. The endpoints are fingerprintable and configurable via command-line arguments. The exploit is not weaponized for general use but provides a clear, working POC for the vulnerability.
This repository provides an exploit for CVE-2025-1974 targeting the Kubernetes ingress-nginx-controller. The exploit consists of a Go program (main.go) that orchestrates the attack, a C source file (shell.c) that implements a reverse shell payload, and supporting build scripts (Makefile, build.sh). The workflow is as follows: the attacker sets their own server IP and port in shell.c, builds a malicious shared object (shell.so), and then uses main.go to upload this payload to the target ingress-nginx-controller pod via a crafted HTTP POST request. The exploit also sends specially crafted AdmissionReview requests to the controller's admission endpoint, attempting to manipulate annotations and probe for writable file descriptors. If successful, the shell.so payload is executed, causing the target pod to connect back to the attacker's server with a reverse shell. The exploit is operational and requires the attacker to have access to a pod in the target cluster. The main attack vector is network-based, targeting internal Kubernetes service endpoints. The repository is well-structured, with clear separation between payload, exploit logic, and build instructions.
This repository provides a working exploit for CVE-2025-1974, targeting the Kubernetes Ingress NGINX Controller version 1.11.3. The exploit consists of a Python script (exploit.py) that orchestrates the attack, a C source file (rev_shell.c) for a reverse shell payload, and supporting Kubernetes YAML and JSON files for configuring the test environment and crafting malicious AdmissionReview requests. The attack works by uploading a malicious shared object (compiled from rev_shell.c) to the target, then abusing the NGINX Controller's webhook via crafted HTTP requests to trigger the loading of the payload. The reverse shell connects back to an attacker-controlled IP and port, granting remote code execution. The repository is structured for easy setup in a local Kubernetes environment, with clear instructions in the README. Key endpoints include the local webhook (https://localhost:1337/test), the reverse shell listener (192.168.5.2:4444), and the use of /proc/[pid]/fd/[fd] file descriptors for exploitation. The exploit is operational and demonstrates a real-world attack chain.
This repository contains two Python scripts, IngressNightmareV1.py and IngressNightmareV2.py, which are nearly identical in structure and function. Both scripts implement an exploit targeting Kubernetes environments, specifically leveraging exposed ingress endpoints and admission webhooks. The exploit works in two stages: first, it uploads a malicious ELF shared object (provided as a base64-encoded string in the script) to the ingress endpoint via a crafted HTTP POST request. Second, it attempts to brute-force file descriptors on the admission webhook endpoint by sending requests to /proc/{pid}/fd/{fd} paths, potentially exploiting a vulnerability that allows the attacker to keep the malicious file open and trigger its execution. The scripts use threading and concurrent requests to maximize the chance of success. The main capabilities are remote code execution or privilege escalation within a Kubernetes cluster. The scripts require the attacker to provide the ingress and admission webhook URLs as arguments. No hardcoded IPs or domains are present; all endpoints are user-supplied. The payload is a binary ELF shared object, indicating a high level of operational maturity.
This repository is a working exploit for CVE-2025-1974, a vulnerability in the Kubernetes ingress-nginx-controller. The exploit consists of a Python script (exploit.py), a C reverse shell payload (shell.c), and build scripts to compile the payload as a musl-libc compatible shared object (shell.so) for use in Alpine-based containers. The exploit works by abusing the ingress-nginx admission controller and ingress endpoints, sending crafted requests to manipulate annotations and upload the malicious shared object. The Python script automates the exploitation process, including brute-forcing /proc/[pid]/fd/[fd] paths to find a suitable file descriptor for the attack. If successful, the shell.so payload is executed on the target, establishing a reverse shell to the attacker's server. The repository is well-structured, with clear separation between exploit logic, payload, and build instructions. It is operational and can be used to gain remote shell access to vulnerable ingress-nginx-controller instances in Kubernetes clusters.
This repository provides a full-featured exploit for multiple vulnerabilities (CVE-2025-1907, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098) in Kubernetes ingress-nginx. The exploit is implemented in Go, with a C payload compiled as a shared object (.so) for code execution. The attack involves uploading a malicious .so file to the NGINX server, then triggering the NGINX admission webhook to load the file via a crafted configuration directive (ssl_engine). The exploit supports multiple modes: reverse shell, bind shell, and arbitrary command execution. It is highly configurable, allowing the attacker to specify endpoints, payloads, and attack methods. The main entry point is main.go, which orchestrates the attack using the logic in nginx-ingress/exploit.go and payload.go. The C code (danger.c) implements the actual payload logic. The exploit targets internal Kubernetes endpoints, specifically the NGINX server and its admission webhook, and abuses the ability to write temporary configuration files and load arbitrary shared objects. The repository is operational and provides all necessary components for successful exploitation, including payload generation, delivery, and execution.
This repository provides a functional exploit for unauthenticated remote code execution (RCE) vulnerabilities in the Ingress NGINX Controller for Kubernetes (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974). The exploit consists of a Python script (exploit.py) that orchestrates the attack, a C template (lib_template.c) for generating a malicious shared object (evil_engine.so) containing a reverse shell payload, and a crafted AdmissionReview JSON (review.json) for the admission controller. The workflow involves compiling the shared object with attacker-supplied host and port, uploading it to the ingress pod via a manipulated HTTP POST request, and brute-forcing Linux file descriptors via the admission webhook to trigger the payload. The exploit targets Kubernetes clusters with vulnerable Ingress NGINX Controller versions and requires both the public ingress URL and the internal admission webhook URL. The payload, when loaded, provides a reverse shell to the attacker. The repository is well-structured, with clear separation of exploit logic, payload generation, and supporting files. No hardcoded IPs or domains are present; endpoints are supplied at runtime. The exploit is operational and demonstrates a practical attack chain for cluster compromise.
This repository provides a full proof-of-concept exploit for a set of critical unauthenticated remote code execution (RCE) vulnerabilities in the Kubernetes Ingress NGINX Controller (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974), collectively referred to as 'IngressNightmare'. The repository is structured as a self-contained lab environment for safe testing, including:

- **Lab.md**: A detailed guide for setting up a vulnerable Minikube Kubernetes cluster, deploying a test application, configuring a vulnerable admission webhook, and preparing the environment for exploitation.
- **debug.sh**: An automated Bash script to set up the Minikube cluster, generate TLS certificates, deploy the vulnerable components, and configure port-forwarding for local testing.
- **lab/webhook.py** and **lab/webhook.yaml**: A simple Python-based admission webhook server and its Kubernetes deployment manifest, used to simulate the vulnerable webhook in the lab.
- **poc.py**: The main exploit script. It generates a malicious shared object (.so) file containing a reverse shell payload, uploads it to the ingress controller via a crafted HTTP request, brute-forces file descriptors to locate the uploaded file, and then triggers its execution by manipulating ingress resource annotations and sending a crafted AdmissionReview request to the webhook endpoint. The exploit results in a reverse shell connection to the attacker's specified host and port.
- **lab/certs/**: Contains generated TLS certificates for the webhook server.
- **lab/test-app.yaml**, **lab/test-ingress.yaml**, **lab/webhook-configuration.yaml**: Kubernetes manifests for deploying the test application, ingress, and webhook configuration.

The exploit is operational and provides a working reverse shell if the target is vulnerable and properly configured. The attack vector is network-based, requiring access to both the ingress controller and the admission webhook endpoints. The repository is intended for educational and research purposes only, with strong warnings against unauthorized use.
This repository is a proof-of-concept exploit for CVE-2025-1974, a remote code execution vulnerability in the Ingress NGINX Controller for Kubernetes (also referred to as 'IngressNightmare'). The main exploit logic is implemented in 'poc.py', a Python script that automates the attack chain. The exploit works by crafting and sending malicious AdmissionReview requests to the NGINX admission controller, and uploading a compiled C-based reverse shell payload as a shared object (.so). The script supports both local (via port-forwarding) and in-cluster exploitation modes. The attacker specifies their own IP and port for the reverse shell, and the script builds the payload on the fly using Docker. The README provides usage instructions and prerequisites. The repository also includes a requirements.txt for dependencies (asyncio, httpx). No hardcoded credentials or static IPs are present; all network endpoints are configurable. The exploit is operational and provides a working reverse shell if the target is vulnerable and properly configured.
This repository contains a proof-of-concept exploit for CVE-2025-1974, a critical remote code execution vulnerability in the Kubernetes Ingress-NGINX controller. The exploit is implemented in a single Python script (IngressNightmare.py), which uses the Kubernetes Python client to create or update an Ingress resource with a malicious annotation (nginx.ingress.kubernetes.io/server-snippet). This annotation injects Lua code that executes an OS command (touch /tmp/nginx/pwned_nginx) inside the ingress controller pod, demonstrating arbitrary code execution. The exploit targets clusters running vulnerable versions of Ingress-NGINX (prior to v1.12.1 / v1.11.5) with the Validating Admission Controller enabled and risky annotations allowed. The README.md provides detailed context, impact, affected versions, and mitigation steps. No hardcoded IPs or external URLs are present, but the exploit demonstrates a network-based attack vector by leveraging Kubernetes API access to inject the malicious Ingress resource.
This repository is an operational exploit for CVE-2025-1974, targeting the Kubernetes Ingress-NGINX Controller. The exploit consists of a Python script (exploit.py) that interacts with the ingress-nginx admission controller and HTTP endpoints, attempting to upload a malicious shared object (shell.so) compiled from shell.c. The shell.so payload, when loaded by the target, initiates a reverse shell to an attacker-controlled server (IP and port configurable in shell.c). The exploit leverages crafted AdmissionReview requests and HTTP POSTs to inject the payload, exploiting a vulnerability in the ingress-nginx controller's handling of certain annotations and file descriptors. The repository includes build scripts to ensure the payload is compatible with the musl-libc environment of the ingress-nginx-controller container. The exploit requires network access to the Kubernetes service endpoints and is designed for use in environments where the attacker can reach these endpoints, such as in a compromised cluster or via port-forwarding. The structure is clean, with clear separation between the exploit logic (exploit.py), payload (shell.c), and build/dependency files. The exploit is not part of a framework and is a standalone operational exploit with a working reverse shell payload.
This repository provides a proof-of-concept (POC) exploit for CVE-2025-1974, targeting the Kubernetes ingress-nginx-controller (v1.11.3). The exploit demonstrates how an attacker with access to a Kubernetes cluster can achieve remote code execution (RCE) on the ingress-nginx-controller pod by abusing the validating webhook. The main attack flow involves deploying the vulnerable controller using the provided YAML manifest, port-forwarding the webhook server's port (8443) to a local port (1337), and sending a crafted AdmissionReview JSON request (poc.json) to the webhook endpoint using curl. The exploit leverages the controller's handling of Ingress resources to execute arbitrary commands. The repository includes configuration files, a POC JSON payload, and documentation, but the actual exploit logic is performed via manual curl commands as described in the README. No automated exploit script is provided, but the steps are clearly outlined for a security researcher to reproduce the attack in a test environment.
One of a set of critical Ingress NGINX Controller vulnerabilities that can lead to unauthenticated remote code execution in Kubernetes environments.
A critical unauthenticated remote code execution (RCE) vulnerability in the admission controller component of the Ingress NGINX Controller for Kubernetes. Exploitation allows attackers to execute arbitrary code and escalate privileges within the cluster, potentially compromising all secrets.
A critical ingress-nginx vulnerability in the Validating Admission Controller feature that allows exploitation of configuration injection issues from the Pod network and can enable Kubernetes cluster takeover without credentials.
Critical vulnerability in Kubernetes ingress-nginx controller enabling remote, unauthenticated compromise (integrity/availability impact; potential full system compromise).