深度解析CVE-2025-1974:Kubernetes Ingress-NGINX控制器的远程代码执行漏洞

CVE-2025-1974 是一个允许未经身份验证的攻击者在特定条件下访问Pod网络,并在 NGINX Ingress控制器 的上下文中执行任意代码的高危漏洞。该漏洞的CVSS评分高达9.8,属于“严重”级别。攻击者可以利用该漏洞注入恶意配置,进而实现远程代码执行(RCE),这可能导致敏感信息泄露,甚至完全控制Kubernetes集群。
腾讯网

Ingress-Nginx 漏洞使公开的 Kubernetes 集群面临被接管风险

云安全公司 Wiz 发现了 Ingress-Nginx Controller 的准入控制器组件存在严重漏洞,可能导致 Kubernetes 集群被完全接管。据估计,互联网上超过 6,000 个部署实例正面临风险。 Kubernetes (K8s) 集群经常需要向外部开放 HTTP/S 流量,以允许外部访问其运行的应用程序。虽然将 ...
Business Wire

NGINX Announces Ingress Controller Solution for Load Balancing on Red Hat OpenShift ...

SAN FRANCISCO--(BUSINESS WIRE)--NGINX, Inc., the engine delivering sites and applications for the modern web, today announced support for the use of NGINX Plus as an Ingress controller for Red Hat ...
VentureBeat

Kubernetes Gateway API reality check: Ingress controller is still needed

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More No doubt the new Kubernetes excitement is the Gateway API. One of the ...
InfoQ

NGINX Releases Microservices Platform, OpenShift Ingress Controller, and Service Mesh Preview

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Business Wire

Traefik Labs Launches New Kubernetes-Native API Management with Third-Party Ingress ...

AMSTERDAM--(BUSINESS WIRE)--KubeCon – Traefik Labs, creator of the popular Traefik ingress controller, today launched the industry’s first Kubernetes-native API management with Traefik Hub, for ...
InfoQ

Kong for Kubernetes 0.8 Ingress Controller Released

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. This article dives into the happens-before ...