PT-2025-12716 · Ingress-Nginx
Nir Ohfeld
Published: 2025-03-23 · Updated: 2025-04-17
CVE-2025-24513
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
ingress-nginx versions prior to v1.12.1
ingress-nginx versions before v1.11.5
ingress-nginx versions from v1.12.0-beta.0 before v1.12.1
Description
A security issue was discovered in ingress-nginx where attacker-provided data is included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service or, when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster. The issue affects over 6,500 clusters and could lead to unauthenticated remote code execution (RCE) or secret theft.
Recommendations
For versions prior to v1.12.1, update to v1.12.1 or later to fix the vulnerability.
For versions before v1.11.5, update to v1.11.5 or later to fix the vulnerability.
For versions from v1.12.0-beta.0 before v1.12.1, update to v1.12.1 or later to fix the vulnerability.
As a temporary workaround, consider restricting admission controller access until a patch is available.
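As an added defender-side check, written for this note and not code from ingress-nginx or the advisory authors: the script below classifies controller image tags from a cluster inventory against the affected ranges listed above. It assumes the two fix releases named above (v1.11.5 and v1.12.1) are the boundaries of the patched ranges, and the image strings are constructed samples, not real cluster data.

```python
"""Classify ingress-nginx controller image tags against the affected
ranges in this advisory (CVE-2025-24513)."""
import re
from typing import Dict, Iterable, Optional, Tuple

# (major, minor, patch, prerelease) -- prerelease is () for a final release
# and e.g. ("beta", "0") for v1.12.0-beta.0.
Version = Tuple[int, int, int, tuple]

_TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?")


def parse_version(image: str) -> Optional[Version]:
    """Accept a bare tag ('v1.11.4') or a full image reference such as
    'registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:...'."""
    ref = image.rsplit("/", 1)[-1]       # drop registry/repository path
    ref = ref.split("@", 1)[0]            # drop digest
    if ":" in ref:
        ref = ref.split(":", 1)[1]        # drop image name, keep tag
    m = _TAG_RE.match(ref)
    if not m:
        return None                       # e.g. 'latest' or digest-only refs
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    pre = tuple(m.group(4).split(".")) if m.group(4) else ()
    return (major, minor, patch, pre)


def _key(v: Version) -> Tuple[int, int, int, int]:
    # A prerelease sorts before the final release of the same x.y.z; the
    # range boundaries below are all final releases, so a final/prerelease
    # flag is enough for correct ordering.
    major, minor, patch, pre = v
    return (major, minor, patch, 0 if pre else 1)


FIXED_1_11 = _key((1, 11, 5, ()))           # v1.11.5 (fixed)
FIRST_1_12 = _key((1, 12, 0, ("beta", "0")))  # v1.12.0-beta.0 (affected)
FIXED_1_12 = _key((1, 12, 1, ()))           # v1.12.1 (fixed)


def is_affected(image: str) -> Optional[bool]:
    """True if affected, False if patched, None if the tag is unparseable."""
    v = parse_version(image)
    if v is None:
        return None
    k = _key(v)
    return k < FIXED_1_11 or FIRST_1_12 <= k < FIXED_1_12


def triage(images: Iterable[str]) -> Dict[str, Optional[bool]]:
    """Map each image reference to its affected/patched/unknown status."""
    return {img: is_affected(img) for img in images}
```

Unparseable tags (`latest`, digest-only references) come back as `None` and should be resolved by inspecting the running pod rather than assumed safe.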
Tags: Fix · DoS · RCE · Path traversal
Affected Products
Red Os
Ingress-Nginx