Medium severity4.8GHSA Advisory· Published Mar 25, 2025· Updated Jun 17, 2026
CVE-2025-24513
CVE-2025-24513
Description
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
k8s.io/ingress-nginxGo | < 1.11.5 | 1.11.5 |
k8s.io/ingress-nginxGo | >= 1.12.0-beta.0, < 1.12.1 | 1.12.1 |
Affected products
71- Range: >= 1.12.0-beta.0, < 1.12.1
- osv-coords70 versionspkg:apk/chainguard/ingress-nginx-controller-1.10pkg:apk/chainguard/ingress-nginx-controller-1.10-compatpkg:apk/chainguard/ingress-nginx-controller-1.10-kube-webhook-certgenpkg:apk/chainguard/ingress-nginx-controller-1.11pkg:apk/chainguard/ingress-nginx-controller-1.11-compatpkg:apk/chainguard/ingress-nginx-controller-1.11-kube-webhook-certgenpkg:apk/chainguard/ingress-nginx-controller-1.12pkg:apk/chainguard/ingress-nginx-controller-bitnami-compat-1.10pkg:apk/chainguard/ingress-nginx-controller-bitnami-compat-1.11pkg:apk/chainguard/ingress-nginx-controller-bitnami-compat-1.12pkg:apk/chainguard/ingress-nginx-controller-compat-1.10pkg:apk/chainguard/ingress-nginx-controller-compat-1.11pkg:apk/chainguard/ingress-nginx-controller-compat-1.12pkg:apk/chainguard/ingress-nginx-controller-fips-1.10pkg:apk/chainguard/ingress-nginx-controller-fips-1.11pkg:apk/chainguard/ingress-nginx-controller-fips-1.12pkg:apk/chainguard/ingress-nginx-controller-fips-bitnami-compat-1.11pkg:apk/chainguard/ingress-nginx-controller-fips-bitnami-compat-1.12pkg:apk/chainguard/ingress-nginx-controller-fips-compat-1.11pkg:apk/chainguard/ingress-nginx-controller-fips-compat-1.12pkg:apk/chainguard/ingress-nginx-controller-fips-iamguarded-compat-1.11pkg:apk/chainguard/ingress-nginx-controller-fips-iamguarded-compat-1.12pkg:apk/chainguard/ingress-nginx-controller-iamguarded-compat-1.11pkg:apk/chainguard/ingress-nginx-controller-iamguarded-compat-1.12pkg:apk/chainguard/ingress-nginx-custom-error-pages-1.10pkg:apk/chainguard/ingress-nginx-custom-error-pages-1.11pkg:apk/chainguard/ingress-nginx-custom-error-pages-1.12pkg:apk/chainguard/ingress-nginx-custom-error-pages-compat-1.10pkg:apk/chainguard/ingress-nginx-custom-error-pages-compat-1.11pkg:apk/chainguard/ingress-nginx-custom-error-pages-compat-1.12pkg:apk/chainguard/ingress-nginx-custom-error-pages-fips-1.10pkg:apk/chainguard/ingress-nginx-custom-error-pages-fips-1.11pkg:apk/chainguard/ingress-nginx-custom-error-pages-fips-1.12pkg:apk/chainguard/ingress-nginx-fips-custom-error-pages-1.11pkg:apk/chainguard/ingress-nginx-fips-custom-error-pages-1.12pkg:apk/chainguard/ingress-nginx-fips-custom-error-pages-compat-1.11pkg:apk/chainguard/ingress-nginx-fips-custom-error-pages-compat-1.12pkg:apk/chainguard/ingress-nginx-fips-opentelemetry-plugin-1.11pkg:apk/chainguard/ingress-nginx-fips-opentelemetry-plugin-1.12pkg:apk/chainguard/ingress-nginx-opentelemetry-1.11pkg:apk/chainguard/ingress-nginx-opentelemetry-compat-1.11pkg:apk/chainguard/ingress-nginx-opentelemetry-plugin-1.10pkg:apk/chainguard/ingress-nginx-opentelemetry-plugin-1.11pkg:apk/chainguard/ingress-nginx-opentelemetry-plugin-1.12pkg:apk/chainguard/kube-webhook-certgen-1.10pkg:apk/chainguard/kube-webhook-certgen-1.11pkg:apk/chainguard/kube-webhook-certgen-1.12pkg:apk/chainguard/kube-webhook-certgen-fips-1.10pkg:apk/chainguard/kube-webhook-certgen-fips-1.11pkg:apk/chainguard/kube-webhook-certgen-fips-1.12pkg:apk/wolfi/ingress-nginx-controller-1.10pkg:apk/wolfi/ingress-nginx-controller-1.10-compatpkg:apk/wolfi/ingress-nginx-controller-1.10-kube-webhook-certgenpkg:apk/wolfi/ingress-nginx-controller-1.11pkg:apk/wolfi/ingress-nginx-controller-1.11-compatpkg:apk/wolfi/ingress-nginx-controller-1.11-kube-webhook-certgenpkg:apk/wolfi/ingress-nginx-controller-1.12pkg:apk/wolfi/ingress-nginx-controller-bitnami-compat-1.12pkg:apk/wolfi/ingress-nginx-controller-compat-1.11pkg:apk/wolfi/ingress-nginx-controller-compat-1.12pkg:apk/wolfi/ingress-nginx-controller-iamguarded-compat-1.12pkg:apk/wolfi/ingress-nginx-custom-error-pages-1.12pkg:apk/wolfi/ingress-nginx-custom-error-pages-compat-1.12pkg:apk/wolfi/ingress-nginx-opentelemetry-1.11pkg:apk/wolfi/ingress-nginx-opentelemetry-compat-1.11pkg:apk/wolfi/ingress-nginx-opentelemetry-plugin-1.12pkg:apk/wolfi/kube-webhook-certgen-1.11pkg:apk/wolfi/kube-webhook-certgen-1.12pkg:golang/k8s.io/ingress-nginxpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 0+ 69 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 1.11.5-r0
- (no CPE)range: < 1.12.1-r14
- (no CPE)range: < 1.11.5
- (no CPE)range: < 0.0.20250327T184518-1.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-242m-6h72-7hgpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-24513ghsaADVISORY
- github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5ghsaWEB
- github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1ghsaWEB
- github.com/kubernetes/kubernetes/issues/131005nvdWEB
- groups.google.com/g/kubernetes-security-announce/c/2qa9DFtN0cQghsaWEB
- security.netapp.com/advisory/ntap-20250328-0008ghsaWEB
- security.netapp.com/advisory/ntap-20250328-0008/nvd
News mentions
0No linked articles in our index yet.