On March 24, 2025, a series of several critical vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) were disclosed in the ingress-nginx Controller for Kubernetes, collectively termed IngressNightmare. These vulnerabilities could lead to a complete cluster takeover by allowing attackers unauthorized access to all secrets stored across all namespaces
Kubernetes 1.30.x
Exploit
CVE-2025-1097
Aqua Security
Refer to CVE-2025-1097 NVD advisory