Critical Vulnerabilities Discovered in Ingress NGINX Controller for Kubernetes

A series of five critical vulnerabilities has been revealed in the Ingress NGINX Controller for Kubernetes, allowing remote code execution without authentication. These flaws (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974) put more than 6,500 clusters at risk by exposing them to the public internet. The vulnerabilities have received a high CVSS score, indicating an immediate risk to affected systems.