Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2025-1974

Description

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

POC

Reference

No PoCs from references.

Github

- https://github.com/0xBingo/CVE-2025-1974

- https://github.com/0xMarcio/cve

- https://github.com/Armand2002/Exploit-CVE-2025-1974-Lab

- https://github.com/B1ack4sh/Blackash-CVE-2025-1974

- https://github.com/BiiTts/POC-IngressNightmare-CVE-2025-1974

- https://github.com/EGI-Federation/SVG-advisories

- https://github.com/Esonhugh/Esonhugh

- https://github.com/Esonhugh/My-Cloud-Security

- https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps

- https://github.com/GhostTroops/TOP

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/Lern0n/Lernon-POC

- https://github.com/Ostorlab/KEV

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/Rickerd12/exploit-cve-2025-1974

- https://github.com/Rubby2001/CVE-2025-1974-go

- https://github.com/Shitcontrol666/ONRE-Toolkit-k8s

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/CVE

- https://github.com/UCloudDoc-Team/uk8s

- https://github.com/abrewer251/CVE-2025-1974_IngressNightmare_PoC

- https://github.com/alexander-rebai/test-sast-issues

- https://github.com/aninfosec/IngressNightmare

- https://github.com/chhhd/CVE-2025-1974

- https://github.com/dttuss/IngressNightmare-RCE-POC

- https://github.com/ecomtech-oss/pisc

- https://github.com/eeeeeeeeee-code/POC

- https://github.com/flavio/sbom-merger

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/gian2dchris/ingress-nightmare-poc

- https://github.com/giterlizzi/secdb-feeds

- https://github.com/hakaioffsec/IngressNightmare-PoC

- https://github.com/hi-unc1e/CVE-2025-1974-poc

- https://github.com/hierynomus/ingressnightmare-policy

- https://github.com/iteride/CVE-2025-1974

- https://github.com/jjii44nn/CSC

- https://github.com/killsystema/IngressNightmare

- https://github.com/kubewarden/do-not-expose-admission-controller-webhook-services-policy

- https://github.com/laoa1573/wy876

- https://github.com/lufeirider/IngressNightmare-PoC

- https://github.com/m-q-t/ingressnightmare-detection-poc

- https://github.com/moften/IngressNightmare-Vulnerability

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/oLy0/Vulnerability

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/rjhaikal/POC-IngressNightmare-CVE-2025-1974

- https://github.com/salt318/CVE-2025-1974

- https://github.com/sandumjacob/IngressNightmare-POCs

- https://github.com/scottymcandrew/ingress-nightmare

- https://github.com/secwest/k8s-ingress-nginx-rollingupgrade

- https://github.com/ssst0n3/docker_archive

- https://github.com/tanjiti/sec_profile

- https://github.com/tbc957/k8s

- https://github.com/tuananh244/First_agent

- https://github.com/tuladhar/ingress-nightmare

- https://github.com/ugurbzkrt/upgrade-ingress-nginx

- https://github.com/vulnerability-lookup/ExploitDBSighting

- https://github.com/yanmarques/CVE-2025-1974

- https://github.com/yembors64632/cve_monitor_Public

- https://github.com/yoshino-s/CVE-2025-1974

- https://github.com/zulloper/CVE-2025-1974

- https://github.com/zwxxb/CVE-2025-1974