{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1097", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2025-02-07T00:11:49.551Z", "datePublished": "2025-03-24T23:29:05.879Z", "dateUpdated": "2026-02-26T19:09:14.028Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ingress-nginx", "repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "kubernetes", "versions": [{"lessThanOrEqual": "1.11.4", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "affected", "version": "1.12.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nir Ohfeld"}, {"lang": "en", "type": "finder", "value": "Ronen Shustin"}, {"lang": "en", "type": "finder", "value": "Sagi Tzadik"}, {"lang": "en", "type": "finder", "value": "Hillai Ben Sasson"}], "datePublic": "2025-03-24T19:36:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security issue was discovered in <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\">ingress-nginx</a> where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2025-03-24T23:29:05.879Z"}, "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/131007"}], "source": {"discovery": "EXTERNAL"}, "title": "ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1097", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-27T03:55:15.070320Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T19:09:14.028Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-04T19:36:15.102Z"}, "references": [{"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"}, {"url": "https://www.exploit-db.com/exploits/52475"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"}, {"url": "https://www.exploit-db.com/exploits/52475"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-02-04T19:36:15.102Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1097", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-27T03:55:15.070320Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T13:40:01.017Z"}}], "cna": {"title": "ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Nir Ohfeld"}, {"lang": "en", "type": "finder", "value": "Ronen Shustin"}, {"lang": "en", "type": "finder", "value": "Sagi Tzadik"}, {"lang": "en", "type": "finder", "value": "Hillai Ben Sasson"}], "impacts": [{"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "kubernetes", "product": "ingress-nginx", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.11.4"}, {"status": "affected", "version": "1.12.0"}], "defaultStatus": "unaffected"}], "datePublic": "2025-03-24T19:36:00.000Z", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/131007"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "supportingMedia": [{"type": "text/html", "value": "A security issue was discovered in <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\">ingress-nginx</a> where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2025-03-24T23:29:05.879Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1097", "state": "PUBLISHED", "dateUpdated": "2026-02-26T19:09:14.028Z", "dateReserved": "2025-02-07T00:11:49.551Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2025-03-24T23:29:05.879Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}, {"lang": "es", "value": "Se detect\u00f3 un problema de seguridad en ingress-nginx (https://github.com/kubernetes/ingress-nginx) donde la anotaci\u00f3n de Ingress `auth-tls-match-cn` puede usarse para inyectar configuraci\u00f3n en nginx. Esto puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del controlador de ingress-nginx y la divulgaci\u00f3n de secretos accesibles para el controlador. (Tenga en cuenta que, en la instalaci\u00f3n predeterminada, el controlador puede acceder a todos los secretos del cl\u00faster)."}], "id": "CVE-2025-1097", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2025-03-25T00:15:13.590", "references": [{"source": "jordan@liggitt.net", "url": "https://github.com/kubernetes/kubernetes/issues/131007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250328-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/52475"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}

{"bugzilla": {"description": "ingress-nginx: ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation", "id": "2354657", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354657"}, "csaw": false, "cwe": "CWE-20", "details": ["A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "A flaw was found in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This issue can lead to arbitrary code execution in the context of the ingress-nginx controller and disclosure of Secrets accessible to the controller. Note that the controller can access all Secrets cluster-wide in the default installation."], "name": "CVE-2025-1097", "public_date": "2025-03-24T23:29:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1097"], "statement": "Red Hat Product Security has determined that this vulnerability does not affect any currently supported Red Hat product. This assessment may evolve based on further analysis and discovery. For more information about this vulnerability and the products it affects, please see the linked references."}

{"created": "2025-07-12T15:26:26.819312+00:00", "updated": "2025-07-12T15:26:26.819378+00:00", "vendors": ["kubernetes", "kubernetes$PRODUCT$ingress-nginx"]}