CVE-2025-1974
Published: 25 March 2025
Description
Adversaries may abuse Unix shell commands and scripts for execution.
Security Summary
CVE-2025-1974 is a critical vulnerability in Kubernetes, specifically affecting the ingress-nginx controller. Under certain conditions, it allows an unauthenticated attacker with access to the pod network to achieve arbitrary code execution within the context of the controller. This issue, associated with CWE-653, has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-25.
An unauthenticated attacker who gains access to the pod network can exploit this vulnerability to execute arbitrary code as the ingress-nginx controller. Successful exploitation leads to the disclosure of Secrets accessible to the controller, which in default installations includes all Secrets cluster-wide.
Advisories and references, including the Kubernetes GitHub issue at https://github.com/kubernetes/kubernetes/issues/131009, a proof-of-concept repository at https://github.com/B1ack4sh/Blackash-CVE-2025-1974, a NetApp security advisory at https://security.netapp.com/advisory/ntap-20250328-0008/, and an Exploit-DB entry at https://www.exploit-db.com/exploits/52475, provide details on the issue and potential mitigations such as restricting pod network access and applying patches where available.
Public proof-of-concept exploits are available, indicating active interest from the security research community.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated remote arbitrary code execution in the ingress-nginx controller (public-facing Kubernetes component), directly mapping to T1190 for exploitation and T1059.004 for Unix Shell command execution; also facilitates secret/credential disclosure via the resulting access.