CVE-2025-24513
Description
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Ingress-nginx Admission Controller directory traversal via attacker-provided data in filenames, leading to DoS or limited Secret disclosure.
Vulnerability
Overview
CVE-2025-24513 is a directory traversal vulnerability in the ingress-nginx Admission Controller. The flaw arises because attacker-provided data is included in a filename without proper sanitization, enabling directory traversal within the container [1]. This means an attacker who can submit a crafted Ingress resource can cause the controller to read or write files outside the intended directory.
Exploitation
An attacker needs network access to the Kubernetes API server and the ability to create or update Ingress resources. No authentication bypass is required, but the attacker must have permissions to submit Ingress objects. The traversal is limited to the filesystem within the container, but it can be used to overwrite files or cause the controller to access arbitrary paths [1].
Impact
If exploited, the vulnerability can result in denial of service by corrupting configuration files or crashing the controller. Furthermore, when combined with other vulnerabilities, it may enable limited disclosure of Kubernetes Secret objects that are mounted or readable within the container [1]. The CVSS v3.1 base score is 4.8 (Medium), reflecting the moderate impact and attack complexity.
Mitigation
The vulnerability is fixed in ingress-nginx controller versions v1.12.1 [2] and v1.11.5 [3]. Administrators should update to these versions or later. The release notes for both fixes also mention that to address a related issue (CVE-2025-1974), validation of the generated NGINX configuration during Ingress validation is disabled, but the configuration is still checked before loading [2][3]. Users are advised to enable annotation validation and disable snippet annotations to reduce risk.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
k8s.io/ingress-nginxGo | < 1.11.5 | 1.11.5 |
k8s.io/ingress-nginxGo | >= 1.12.0-beta.0, < 1.12.1 | 1.12.1 |
Affected products
1- Range: >= 1.12.0-beta.0, < 1.12.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- github.com/advisories/GHSA-242m-6h72-7hgpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-24513ghsaADVISORY
- github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5ghsaWEB
- github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1ghsaWEB
- github.com/kubernetes/kubernetes/issues/131005nvdWEB
- groups.google.com/g/kubernetes-security-announce/c/2qa9DFtN0cQghsaWEB
- security.netapp.com/advisory/ntap-20250328-0008ghsaWEB
- security.netapp.com/advisory/ntap-20250328-0008/nvd
News mentions
0No linked articles in our index yet.