CVE-2025-24513
4.8 Medium
Published:
Last updated:
Source: jordan@liggitt.net
Deferred
Weakness (CWE)
CVSS Vector
v3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: None
- Availability: Low
Description
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
References
jordan@liggitt.net
https://github.com/kubernetes/kubernetes/issues/131005
af854a3a-2127-422b-91ae-364da2661108
https://security.netapp.com/advisory/ntap-20250328-0008/