PT-2025-12715 · Kubernetes +1 · Ingress-Nginx +2
Credited researchers: Nir Ohfeld +2 · Published 2025-03-23 · Updated 2025-08-02
CVE-2025-1974 · CVSS v3.1 base score 9.8 (Critical)
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
## Vulnerability Report
**Name of the Vulnerable Software and Affected Versions:** ingress-nginx controller releases earlier than 1.11.5 (every 1.11.0 to 1.11.4 release and all older lines) and 1.12.0, including its 1.12.0-beta.x pre-releases. The fix shipped in 1.11.5 and 1.12.1; 1.12.1 itself is not affected.
**Description:**
A critical remote code execution (RCE) vulnerability, dubbed "IngressNightmare" (CVE-2025-1974), exists in the ingress-nginx controller for Kubernetes. The controller ships a validating admission webhook that the Kubernetes API server calls to check Ingress objects before they are persisted; in a default installation that webhook listens on the pod network (container port 8443) and accepts requests from any client, not only the API server. To validate an object, the webhook renders it into an nginx configuration and runs `nginx -t` on the result. Because fields of the submitted object reach that configuration without adequate sanitisation, an attacker can inject nginx directives, and because nginx will load a shared library named in the configuration while testing it, the attacker can turn the validation step into arbitrary code execution inside the controller pod. No Kubernetes credentials are needed: any attacker who can reach the webhook port from the pod network can exploit it. With its default RBAC the controller can read Secrets cluster-wide, so a compromised controller exposes credentials from every namespace and can lead to full cluster compromise. The flaw was disclosed by Wiz together with four related configuration-injection issues in the same webhook (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098). A proof-of-concept (PoC) exploit is publicly available, and Wiz estimated that over 40% of cloud environments were running an affected controller.
**Recommendations:**
* Upgrade to ingress-nginx 1.11.5 or 1.12.1 (or any later release); these are the fixed versions.
* If you cannot upgrade immediately, disable the validating admission webhook, which is the vendor's stopgap: with Helm, set `controller.admissionWebhooks.enabled=false`; with manifests, delete the `ingress-nginx-admission` ValidatingWebhookConfiguration and remove the `--validating-webhook` argument from the controller container. Invalid Ingress objects are no longer rejected at admission time until the webhook is re-enabled on a fixed version.
* Restrict network access to the admission webhook (container port 8443, Service `ingress-nginx-controller-admission`) so that only the Kubernetes API server can reach it, and make sure it is never exposed outside the cluster.
* Review the controller's RBAC: its default cluster-wide read access to Secrets is what turns a controller RCE into cluster-wide credential exposure.
* Keep snippet annotations disabled (`allow-snippet-annotations: "false"` in the controller ConfigMap) unless you need them; they are a separate nginx configuration-injection surface, not the vector for this CVE.
* Regularly audit and patch systems.
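The following script is an added example, not code from the advisory or from the ingress-nginx project. It classifies controller image tags against the fix boundary described above (handling digest-pinned images and pre-release tags, which are the cases a naive string compare gets wrong), triages a workload inventory, and carries the vendor's stopgap mitigation. Assumptions not stated on the page: image tags follow the project's `vMAJOR.MINOR.PATCH[-PRERELEASE][@sha256:...]` form, a pre-release sorts just below the release it precedes (so a `1.12.1-rc` is treated as unfixed), the inventory is built with the `kubectl` command shown in the comment, and the Helm release and namespace are both named `ingress-nginx` as in the project quick start.

```shell
#!/bin/sh
# Added example (not the advisory's or the project's code): CVE-2025-1974 triage.
# Fixed in v1.11.5 and v1.12.1; everything below v1.11.5 and every v1.12.0
# build (pre-releases included) is affected.
set -eu

# version_key TAG -> sortable integer, or -1 if TAG is not a release tag.
# The pre-release flag is the lowest bit, so "1.12.1-rc.1" < "1.12.1".
version_key() {
    v=${1#v}
    v=${v%%@*}                      # drop an image digest if present
    pre=1                           # 1 = final release, 0 = pre-release
    case "$v" in
        *-*) core=${v%%-*}; pre=0 ;;
        *)   core=$v ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $core; IFS=$old_ifs
    if [ $# -ne 3 ]; then printf '%s\n' -1; return 0; fi
    for part in "$1" "$2" "$3"; do      # reject "latest", "1.12", "1..5", etc.
        case "$part" in ''|*[!0-9]*) printf '%s\n' -1; return 0 ;; esac
    done
    echo $(( ($1 * 1000000 + $2 * 1000 + $3) * 2 + pre ))
}

# cve_2025_1974_status TAG -> vulnerable | fixed | unknown
cve_2025_1974_status() {
    k=$(version_key "$1")
    if [ "$k" -lt 0 ]; then
        echo unknown
    elif [ "$k" -lt "$(version_key v1.11.5)" ]; then
        echo vulnerable                 # below 1.11.5, incl. its pre-releases
    elif [ "$k" -ge "$(version_key v1.12.0-beta.0)" ] && \
         [ "$k" -lt "$(version_key v1.12.1)" ]; then
        echo vulnerable                 # 1.12.0 line before the 1.12.1 fix
    else
        echo fixed
    fi
}

# triage reads "NAMESPACE/WORKLOAD IMAGE..." lines on stdin, prints one verdict
# per upstream controller image (registry.k8s.io/ingress-nginx/controller; other
# vendors' rebuilds are not matched) and returns 1 if any is vulnerable, so a
# CI job can gate on it. Real input (assumed command, not from the page):
#   kubectl get deploy,ds -A -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name} {.spec.template.spec.containers[*].image}{"\n"}{end}'
triage() {
    found=0
    while read -r workload images; do
        for image in $images; do
            case "$image" in */ingress-nginx/controller*) ;; *) continue ;; esac
            ref=${image%%@*}        # strip the digest before isolating the tag
            tag=${ref##*:}
            [ "$tag" != "$ref" ] || tag=untagged
            status=$(cve_2025_1974_status "$tag")
            printf '%s %s %s\n' "$status" "$workload" "$tag"
            [ "$status" != vulnerable ] || found=1
        done
    done
    return $found
}

# Vendor stopgap when the upgrade has to wait: switch the validating admission
# webhook off. Until a fixed version runs with it re-enabled, bad Ingress
# objects are no longer rejected at admission time.
disable_admission_webhook() {
    helm upgrade ingress-nginx ingress-nginx/ingress-nginx -n ingress-nginx \
        --reuse-values --set controller.admissionWebhooks.enabled=false
    # Manifest installs instead: delete the "ingress-nginx-admission"
    # ValidatingWebhookConfiguration and remove "--validating-webhook" from
    # the controller container's args.
}

# Constructed inventory (not captured from a real cluster) covering the edge
# cases: digest-pinned old release, pre-release, fixed, newer line, untagged.
SAMPLE_INVENTORY='ingress-nginx/ingress-nginx-controller registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:0000000000000000000000000000000000000000000000000000000000000000
edge/ingress-nginx-controller registry.k8s.io/ingress-nginx/controller:v1.12.0-beta.0
prod/ingress-nginx-controller registry.k8s.io/ingress-nginx/controller:v1.12.1
lab/ingress-nginx-controller registry.k8s.io/ingress-nginx/controller:v1.13.0
legacy/nginx-ingress registry.k8s.io/ingress-nginx/controller
other/web nginx:1.27'

if ! printf '%s\n' "$SAMPLE_INVENTORY" | triage; then
    echo 'vulnerable ingress-nginx controllers found: upgrade, or run disable_admission_webhook' >&2
fi
```

Run it as-is to see the verdicts for the constructed inventory; for a live cluster, pipe the `kubectl` output from the comment into `triage` instead. The `untagged` and `unknown` outcomes are deliberate: an image you cannot classify from its tag should be resolved by inspecting the running binary, not assumed fixed.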
Tags: Exploit · Fix · RCE
## References
- https://github.com/sandumjacob/IngressNightmare-POCs · Exploit (PoC)
- https://github.com/zwxxb/CVE-2025-1974 · Exploit (PoC)
- https://osv.dev/vulnerability/GHSA-mgvx-rpfc-9mpv · Vendor Advisory
- https://osv.dev/vulnerability/openSUSE-SU-2025:14941-1 · Vendor Advisory
- https://osv.dev/vulnerability/openSUSE-SU-2025:14942-1 · Vendor Advisory
- https://osv.dev/vulnerability/openSUSE-SU-2025:14944-1 · Vendor Advisory
- https://osv.dev/vulnerability/openSUSE-SU-2025:14943-1 · Vendor Advisory
- https://osv.dev/vulnerability/GO-2025-3567 · Vendor Advisory
- https://osv.dev/vulnerability/BIT-nginx-ingress-controller-2025-1974 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-1974 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-24514 · Security Note
- https://osv.dev/vulnerability/openSUSE-SU-2025:14937-1 · Vendor Advisory
- http://repo.red-soft.ru/redos/7.3c/x86_64/updates · Vendor Advisory
- https://safe-surf.ru/specialists/bulletins-nkcki/719083 · Security Note
- https://bdu.fstec.ru/vul/2025-03219 · Security Note