VYPR
Medium severity4.8GHSA Advisory· Published Mar 25, 2025· Updated Jun 17, 2026

CVE-2025-24513

CVE-2025-24513

Description

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
k8s.io/ingress-nginxGo
< 1.11.51.11.5
k8s.io/ingress-nginxGo
>= 1.12.0-beta.0, < 1.12.11.12.1

Affected products

71

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.