Nir Ohfeld

**Name of the Vulnerable Software and Affected Versions** NVIDIA Container Toolkit versions up to 1.17.7 GPU Operator versions up to 25.3.0 NVIDIA Container Toolkit versions 1.17.8 and 25.3.1 are fixed. **Description** A critical vulnerability (CVE-2025-23266), dubbed “NVIDIAScape”, exists in the NVIDIA Container Toolkit and GPU Operator. This vulnerability allows attackers to escape containers and potentially gain root access on the host system. The flaw is due to a misconfiguration related to the handling of Open Container Initiative (OCI) hooks. Exploitation can be achieved with a simple three-line Dockerfile. Approximately 37% of cloud services are estimated to be affected. Successful exploitation could lead to privilege escalation, information disclosure, data tampering, and denial of service. **Recommendations** NVIDIA Container Toolkit versions prior to 1.17.8 are vulnerable. GPU Operator versions prior to 25.3.1 are vulnerable.

**Name of the Vulnerable Software and Affected Versions** ingress-nginx versions prior to v1.11.5 ingress-nginx versions v1.12.0-beta.0 through v1.12.1 **Description** A security issue exists in ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be exploited to inject arbitrary configuration into nginx. Successful exploitation can lead to arbitrary code execution within the context of the ingress-nginx controller and potential disclosure of Secrets accessible to the controller. In a default installation, the controller has access to all Secrets cluster-wide. The issue stems from unsanitized mirror annotations. **Recommendations** Upgrade to ingress-nginx version 1.11.5 or later. Upgrade to ingress-nginx version 1.12.1 or later.

**Name of the Vulnerable Software and Affected Versions** ingress-nginx versions prior to 1.11.5 ingress-nginx versions 1.12.0-beta.0 through 1.12.0 **Description** A security issue exists where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This may allow a remote attacker to execute arbitrary code within the context of the ingress-nginx controller and disclose Secrets accessible to the controller. In default installations, the controller typically has access to all Secrets cluster-wide. **Recommendations** Update to version 1.11.5 or later. Update to version 1.12.1 or later. As a temporary workaround, restrict or avoid using the `auth-tls-match-cn` annotation.

**Name of the Vulnerable Software and Affected Versions** Ingress-nginx versions prior to 1.12.1, from 1.12.0-beta.0 before 1.12.1 **Description** Ingress-nginx is vulnerable to a critical remote code execution (RCE) vulnerability (CVE-2025-1974) with a CVSS score of 9.8. This flaw allows unauthenticated attackers with access to the pod network to execute arbitrary code within the ingress-nginx controller. Successful exploitation could lead to full cluster takeover and exposure of sensitive secrets. The vulnerability stems from improper isolation or compartmentalization within the controller. A proof-of-concept (PoC) exploit is publicly available. This vulnerability is actively being exploited. The Admission Controller, listening on port 8443, is a key component affected by this issue. **Recommendations** Upgrade Ingress-nginx to version 1.12.1 or later. Restrict network access to the Admission Controller, specifically port 8443. Implement network segmentation, strong authentication, and authorization policies for services on port 8443. Regularly audit and patch vulnerabilities. Remove any server-snippet annotations from your ingress configurations.

**Name of the Vulnerable Software and Affected Versions** ingress-nginx versions prior to v1.12.1 ingress-nginx versions before v1.11.5 ingress-nginx versions from v1.12.0-beta.0 before v1.12.1 **Description** A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster. The issue affects over 6,500 clusters and could lead to unauthenticated remote code execution (RCE) or secret theft. **Recommendations** For versions prior to v1.12.1, update to v1.12.1 or later to fix the vulnerability. For versions before v1.11.5, update to v1.11.5 or later to fix the vulnerability. For versions from v1.12.0-beta.0 before v1.12.1, update to v1.12.1 or later to fix the vulnerability. As a temporary workaround, consider restricting admission controller access until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ingress-nginx versions prior to v1.11.5 ingress-nginx versions from v1.12.0-beta.0 through v1.12.1 **Description** A security issue exists in ingress-nginx where the `auth-url` Ingress annotation can be exploited to inject configuration into nginx. Successful exploitation can lead to arbitrary code execution within the context of the ingress-nginx controller and potential disclosure of Secrets accessible to the controller. In a default installation, the controller has access to all Secrets within the cluster. The issue is due to insufficient input validation. **Recommendations** Update to a version of ingress-nginx greater than or equal to v1.11.5. Update to a version of ingress-nginx greater than or equal to v1.12.1.

**Name of the Vulnerable Software and Affected Versions** Open Management Infrastructure (OMI) versions (affected versions not specified) **Description** The issue is related to insufficient access controls in the Open Management Infrastructure (OMI) extensions for managing Azure virtual machines, allowing an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Management Infrastructure (OMI) (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in Open Management Infrastructure (OMI). It is associated with inadequate access controls in OMI extensions for managing Azure virtual machines. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Management Infrastructure (OMI) (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in Open Management Infrastructure (OMI), which is associated with inadequate access control. This vulnerability can be exploited to allow an attacker to escalate their privileges. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Management Infrastructure (OMI) (affected versions not specified) **Description** The issue is related to a remote code execution vulnerability in the Open Management Infrastructure (OMI) agent, which is installed by default in Linux environments on Microsoft Azure. This vulnerability, also known as OMIGOD, allows an attacker to execute arbitrary code with root privileges. The problem is present in the OMI Agent application, which is installed without the user's knowledge. The estimated number of potentially affected devices worldwide is not specified, but it is mentioned that the vulnerability affects countless Azure customers. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.