CVE-2025-24513

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-24513

CGA ID

CGA-8598-h4cw-p482

Severity

Unknown

Summary

ingress-nginx controller - auth secret file path traversal vulnerability

Description

A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

References

https://images.chainguard.dev/security/CGA-8598-h4cw-p482
https://github.com/advisories/GHSA-242m-6h72-7hgp
https://nvd.nist.gov/vuln/detail/CVE-2025-24513
https://github.com/kubernetes/kubernetes/issues/131005
https://github.com/kubernetes/ingress-nginx
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
https://groups.google.com/g/kubernetes-security-announce/c/2qa9DFtN0cQ

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-24513

Severity

Summary

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources