Imagine identifying every instance of CVE-2025-1974 across all your Kubernetes clusters in minutes, not days.
For Anchore Enterprise users during #IngressNightmare, this wasn't fantasy—it was reality.
See the step-by-step process: https://anchore.com/blog/from-war-room-to-workflow-how-anchore-transforms-cve-incident-response/
What separates security incidents that create chaos from those resolved efficiently?
Not vulnerability severity—it's whether you've built supply chain visibility BEFORE crisis hits.
See how Anchore Enterprise handled #IngressNightmare in minutes: https://anchore.com/blog/from-war-room-to-workflow-how-anchore-transforms-cve-incident-response/
A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence. - PaloAltoNetworks/Unit42-timely-threat-intel
#IngressNightmare – czyli jak przejąć klaster Kubernetes
Podatności określane jako krytyczne mogą wzbudzać skrajne emocje. W sekuraku jesteśmy pewni, że nie wszyscy zgodzą się z punktacją CVSS 3.1 (9.8/10) przypisaną do serii podatności określonych jako IngressNightmare, które zostały opisane 24.04.2025 przez badaczy z wiz.io. TLDR: Problematycznym komponentem jest Ingress NGINX Controller, czyli ingress controller (kontroler ruchu wejściowego,...
#WBiegu #Ingress #K8s #Kubernetes #Nginx #Podatność #Rce
https://sekurak.pl/ingressnightmare-czyli-jak-przejac-klaster-kubernetes/
Podatności określane jako krytyczne mogą wzbudzać skrajne emocje. W sekuraku jesteśmy pewni, że nie wszyscy zgodzą się z punktacją CVSS 3.1 (9.8/10) przypisaną do serii podatności określonych jako IngressNightmare, które zostały opisane 24.04.2025 przez badaczy z wiz.io. TLDR: Problematycznym komponentem jest Ingress NGINX Controller, czyli ingress controller (kontroler ruchu wejściowego,...
[related]
⬇️
4,500 clusters still exposed to potential pre-auth RCE and working exploit available
👇
https://www.thestack.technology/the-one-with-ross-and-the-horrifying-kubernetes-vulnerability/
[PoC]
⬇️
"Exploit for Ingress NGINX - IngressNightmare"
👇
https://github.com/hakaioffsec/IngressNightmare-PoC
Quite some #IngressNightmare #CVE-2025-1974 PoCs on GitHub now that look good at a cursory review:
https://github.com/hakaioffsec/IngressNightmare-PoC
https://github.com/yoshino-s/CVE-2025-1974/
https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps/
https://github.com/hi-unc1e/CVE-2025-1974-poc/
https://github.com/lufeirider/IngressNightmare-PoC
https://github.com/zwxxb/CVE-2025-1974
https://github.com/rjhaikal/POC-IngressNightmare-CVE-2025-1974
Quick note on exploits trying to use `nginx.ingress.kubernetes.io/server-snippet`: That annotation has been identified as an issue before and has been disabled to mitigate CVE-2021-25742.
This is a PoC code to exploit the IngressNightmare vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974). - hakaioffsec/IngressNightmare-PoC
After my last post analyzing the NGINX #IngressNightmare vulnerability, I’m excited to share a new addition to my Kubernetes Security: Advanced Exploitation series!
Inspired by the excellent research from the Wiz team on CVE-2025-1974, I’ve created a hands-on lab that walks you through exploiting this issue step by step. You can try it out here:
🔗 https://github.com/Alevsk/dvka/tree/master/workshop/labs/ingress-nightmare
This lab offers a safe environment to:
1. Reproduce the vulnerability
2. Understand how the exploit works
👉 https://github.com/Alevsk/dvka/blob/master/workshop/labs/ingress-nightmare/cve-2025-1974.py
3. Generate your own indicators of compromise (IOCs)
It’s a great way to deepen your Kubernetes security knowledge and gain hands-on experience with real-world exploitation techniques. Have fun learning, and feel free to share any thoughts or questions!
anchore
Anonymous 🐈️🐾☕🍵🏴🇵🇸 
sekurak News
Kubewarden
decio
Matthias Luft
Lenin alevski 🕵️💻