Kubernetes Multiple Vulnerabilities

Release Date: 25 Mar 2025

RISK: Medium Risk

TYPE: Operating Systems - Application Platforms

Multiple vulnerabilities were identified in Kubernetes. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, sensitive information disclosure and remote code execution on the targeted system.

---

Impact

• Information Disclosure
• Remote Code Execution
• Denial of Service

---

System / Technologies affected

• Kubernetes Ingress NGINX Controller v1.12.0, v1.11.0 - 1.11.4 and All versions prior to v1.11.0

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to Kubernetes Ingress NGINX Controller  v1.11.5, v1.12.1, or any later version

---

Vulnerability Identifier

• CVE-2025-1097
• CVE-2025-1098
• CVE-2025-1974
• CVE-2025-24513
• CVE-2025-24514

---

Source

• Kubernetes

---

Related Link

• https://kubernetes.io/docs/reference/issues-security/official-cve-feed/
• https://discuss.kubernetes.io/t/security-advisory-multiple-vulnerabilities-in-ingress-nginx/31950
• https://github.com/kubernetes/kubernetes/issues/131005
• https://github.com/kubernetes/kubernetes/issues/131006
• https://github.com/kubernetes/kubernetes/issues/131007
• https://github.com/kubernetes/kubernetes/issues/131008
• https://github.com/kubernetes/kubernetes/issues/131009