Headline
CVE-2025-1974: Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnerabilities in the Kubernetes NGINX Ingress Controller. Some of these vulnerabilities might affect you if you have this component running in your Kubernetes cluster.
How do I know if I am affected by these vulnerabilities?
If you are running your own Kubernetes NGINX Ingress Controller, please review the CVEs and mitigate by updating to the latest patch versions (v1.11.5 and v1.12.1).
If you are using the managed NGINX ingress with the application routing add-on on AKS, the patches are being rolled out to all regions and the rollout should be completed in a few days. No action is required.
The status of the AKS deployment can be monitored here: AKS Release Status.
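For self-managed controllers, the version check above can be scripted. The following is an added example, not code from Microsoft or the Kubernetes project: it classifies controller image tags against the fixed versions v1.11.5 and v1.12.1. Assumptions: the function names and sample pod lines are constructed for illustration, the controller pods carry the app.kubernetes.io/name=ingress-nginx label, and any release older than the fixed versions is treated as needing the update.

```shell
# Fixed releases named in the advisory: v1.11.5 (1.11 line) and v1.12.1 (1.12 line).
# Assumptions: anything older than those needs the update, and release lines
# after 1.12 already carry the fix. Tags that cannot be parsed are "unknown".

# classify_version TAG -> prints patched | update-required | unknown
classify_version() {
    v=${1#v}                                  # drop a leading "v"
    case "$v" in
        ''|*[!0-9.]*|*..*|.*) echo unknown; return ;;   # "latest", pre-releases, no tag
    esac
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs        # split into major minor patch
    [ $# -eq 3 ] || { echo unknown; return; }
    if [ "$1" -gt 1 ]; then echo unknown
    elif [ "$1" -lt 1 ] || [ "$2" -lt 11 ]; then echo update-required
    elif [ "$2" -eq 11 ] && [ "$3" -lt 5 ]; then echo update-required
    elif [ "$2" -eq 12 ] && [ "$3" -lt 1 ]; then echo update-required
    else echo patched
    fi
}

# check_images: reads "namespace/pod image" lines on stdin, prints one verdict
# per pod, and returns 1 if any controller is not confirmed patched.
check_images() {
    rc=0
    while read -r pod image; do
        [ -n "$image" ] || continue
        tag=${image%%@*}                      # drop an "@sha256:..." digest suffix
        tag=${tag##*:}                        # keep what follows the last ":"
        verdict=$(classify_version "$tag")
        [ "$verdict" = patched ] || rc=1
        printf '%s\t%s\t%s\n' "$verdict" "$pod" "$image"
    done
    return "$rc"
}

# Constructed sample input (not real cluster output). On a live cluster, feed
# check_images from:
#   kubectl get pods -A -l app.kubernetes.io/name=ingress-nginx \
#     -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name} {.spec.containers[0].image}{"\n"}{end}'
sample_pods() {
    cat <<'EOF'
ingress-nginx/controller-a registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:0000
edge/controller-b registry.k8s.io/ingress-nginx/controller:v1.12.1
legacy/controller-c registry.k8s.io/ingress-nginx/controller:v1.9.6
dev/controller-d example.internal:5000/ingress-nginx/controller
EOF
}

sample_pods | check_images || echo "one or more controllers are not confirmed patched"
```

A verdict of unknown means the image has no plain release tag (for example a digest-only or custom reference), so that controller's version needs to be checked by hand.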
Where can I find more information about these vulnerabilities?
| CVE ID | Link to GitHub Issue |
| --- | --- |
| CVE-2025-1098 | GitHub 131008 |
| CVE-2025-1974 | GitHub 131009 |
| CVE-2025-1097 | GitHub 131007 |
| CVE-2025-24514 | GitHub 131006 |
| CVE-2025-24513 | GitHub 131005 |