漏洞描述
Ingress-NGINXController是Kubernetes生态的核心项目之一,作为集群流量入口网关,实现Ingress资源定义的流量路由规则,通过NGINX实现反向代理和负载均衡功能。Kubernetes Ingress-NGINXController 存在未授权远程代码执行漏洞(CVE-2025-1974),攻击者可以通过该漏洞获取服务器敏感信息,执行恶意命令,控制整个服务器。
Kubernetes Ingress-NGINX Controller 存在未授权远程代码执行漏洞(CVE-2025-1974)
PoC代码
暂无相关漏洞推荐
- Tinycontrol LAN Controller 安全漏洞
- (CVE-2023-53878)Member Login Script 3.3客户端去同步漏洞
- POC CVE-2021-37415: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
- POC CVE-2023-23897: Ozette Plugins - Cross-Site Request Forgery
- POC wp-woocommerce-admin-fpd: WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure
- JeeWMS /rest/../cgUploadController.do 文件上传漏洞(CVE-2025-60268)
- POC CVE-2017-5983: JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
- POC CVE-2021-4449: ZoomSounds Plugin - Unauthenticated Arbitrary File Upload
- POC CVE-2023-38875: PHP Login System 2.0.1 - Cross-Site Scripting
- POC CVE-2023-5815: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
- POC nginx-status-403-bypass: Nginx Status Page - 403 Bypass
- 友加畅捷管理系统 /Controllers/ajax/Attachment.ashx 文件读取漏洞
- 友加畅捷管理系统 /Controllers/ajax/downloadfile.ashx 文件读取漏洞