Critical Kubernetes Controller Flaws: 4,000 IPs Exposed
bankinfosecurity
Patch Urgency Increases as Code to Exploit CVE-2025-1974 Vulnerability Published
Mathew J. Schwartz (euroinfosec) • March 28, 2025

Thousands of Kubernetes clusters are not patched against a combination of five critical vulnerabilities detailed publicly on Monday that could allow attackers to take control of cloud-based applications.
The Kubernetes project team released patches for the Ingress Nginx Controller in the form of "ingress-nginx v1.12.1 and v1.11.5, which have fixes for all five of these vulnerabilities," it said, urging users to immediately update (see: Kubernetes Patch: 43% of Clusters Face Remote Takeover Risk).
Kubernetes is a popular open-source platform for managing containerized workloads and services. The system automates everything from software deployment to scaling and management.
The vulnerabilities exist in the admission controller component of the Ingress Nginx Controller, which is maintained by the ...
Copyright of this story solely belongs to bankinfosecurity.