CVE-2025-1098
📋 TL;DR
This vulnerability in ingress-nginx allows an attacker who can create or modify Ingress objects to inject arbitrary nginx configuration through the nginx.ingress.kubernetes.io/mirror-target and mirror-host annotations, whose values are written into the generated nginx.conf without sanitisation. Injected directives run inside the controller process, which can lead to remote code execution in the controller pod and to disclosure of the Kubernetes Secrets that pod can read. The mirror annotations are part of the controller's default annotation set, so any cluster running an unpatched ingress-nginx controller is affected. The controller's default permissions allow it to read all Secrets cluster-wide.
💻 Affected Systems
- kubernetes/ingress-nginx
⚠️ Risk & Real-World Impact
Worst Case
Full cluster compromise: arbitrary code execution in the ingress-nginx controller pod, whose service account can by default read every Secret in the cluster (TLS private keys and any credentials stored as Secrets), leading to data exfiltration, lateral movement with the stolen credentials, and control over affected Kubernetes workloads.
Likely Case
Privilege escalation from a principal who can write Ingress objects in a single namespace to the controller's service account, enabling access to cluster-wide Secrets and, with the credentials found there, deployment of malicious workloads.
If Mitigated
Limited impact if RBAC already confines Ingress writes to trusted principals and an admission policy rejects the mirror annotations. Network policies constrain what a compromised controller can reach afterwards, but they do not stop it reading Secrets through the API server, which the controller must be able to reach anyway.
🎯 Exploit Status
Exploitation requires permissions to create or modify Ingress resources in at least one namespace. Public exploit code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.12.1 and v1.11.5 (the first releases of each maintained branch containing the fix); older branches are end-of-life and receive no fix, so treat them as vulnerable.
Vendor Advisory: https://github.com/kubernetes/ingress-nginx/security/advisories
Restart Required: Yes
Instructions:
1. Upgrade the controller to v1.12.1, v1.11.5 or a later release (Helm chart or manifests).
2. Confirm the rollout has replaced every controller pod (kubectl rollout status on the controller Deployment/DaemonSet); the fix is only active once no pod runs the old image.
3. Verify that an Ingress carrying a mirror annotation with injection characters (a ';' or a newline in the value) is rejected by annotation validation.
🔧 Temporary Workarounds
Restrict Ingress creation permissions
Limit who can create or modify Ingress resources using Kubernetes RBAC. RBAC is additive: the commands below only create a read-only role and change nothing for principals that already hold write verbs. The real work is finding and removing existing bindings that grant create, update or patch on ingresses, including wildcard verbs and the built-in edit and admin ClusterRoles, which contain those verbs.
kubectl create clusterrole ingress-restricted --verb=get,list,watch --resource=ingresses
kubectl create clusterrolebinding restricted-ingress-binding --clusterrole=ingress-restricted --user=restricted-user
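Because RBAC is additive, the useful check is an inventory of who already holds write verbs on ingresses. The script below is an added example (not ingress-nginx project code): it walks the JSON from `kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json`, finds Roles and ClusterRoles whose rules grant write on ingresses (including wildcard groups, resources or verbs), and resolves the bindings that hand those roles to subjects. The `SAMPLE_ITEMS` records are constructed sample data in that shape; the output format and function names are this example's own.

```python
"""Audit who can create or modify Ingress objects.

Added example, not ingress-nginx project code. RBAC is additive: a new read-only
role changes nothing for principals that already hold write verbs, so list those
principals instead. Feed it:
  kubectl get clusterroles,roles,clusterrolebindings,rolebindings -A -o json
SAMPLE_ITEMS below are constructed records in that shape.
"""
import json
import sys

WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}
INGRESS_GROUPS = {"networking.k8s.io", "extensions", "*"}  # extensions: legacy Ingress group


def rule_grants_ingress_write(rule):
    """True if a single PolicyRule lets its holder write Ingress objects."""
    groups = set(rule.get("apiGroups", []))
    resources = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    return (bool(groups & INGRESS_GROUPS)
            and bool(resources & {"ingresses", "*"})
            and bool(verbs & WRITE_VERBS))


def ingress_write_roles(items):
    """Return {(kind, namespace, name)} of Roles/ClusterRoles granting ingress writes.

    Aggregated ClusterRoles such as edit/admin show up here because the API server
    materialises their aggregated rules, and kubectl -o json returns them.
    """
    found = set()
    for obj in items:
        if obj.get("kind") not in ("Role", "ClusterRole"):
            continue
        if any(rule_grants_ingress_write(r) for r in obj.get("rules") or []):
            found.add((obj["kind"], obj["metadata"].get("namespace", ""), obj["metadata"]["name"]))
    return found


def ingress_writers(items):
    """Return {(subject kind, subject namespace, subject name, role name, scope)} for
    every binding that hands an ingress-writing role to a subject."""
    roles = ingress_write_roles(items)
    writers = set()
    for obj in items:
        if obj.get("kind") not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref = obj["roleRef"]
        ns = obj["metadata"].get("namespace", "")
        # A RoleBinding may point at a ClusterRole (grant limited to its namespace)
        # or at a Role, which must live in the binding's own namespace.
        role_key = (ref["kind"], "" if ref["kind"] == "ClusterRole" else ns, ref["name"])
        if role_key not in roles:
            continue
        scope = "cluster-wide" if obj["kind"] == "ClusterRoleBinding" else "namespace " + ns
        for s in obj.get("subjects") or []:
            writers.add((s["kind"], s.get("namespace", ""), s["name"], ref["name"], scope))
    return writers


SAMPLE_ITEMS = [  # constructed sample data
    {"kind": "ClusterRole", "metadata": {"name": "edit"},
     "rules": [{"apiGroups": ["networking.k8s.io"], "resources": ["ingresses"],
                "verbs": ["create", "delete", "get", "list", "patch", "update", "watch"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "ingress-restricted"},
     "rules": [{"apiGroups": ["networking.k8s.io"], "resources": ["ingresses"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "Role", "metadata": {"name": "ingress-admin", "namespace": "web"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-edit"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "restricted-ingress-binding"},
     "roleRef": {"kind": "ClusterRole", "name": "ingress-restricted"},
     "subjects": [{"kind": "User", "name": "restricted-user"}]},
    {"kind": "RoleBinding", "metadata": {"name": "web-admins", "namespace": "web"},
     "roleRef": {"kind": "Role", "name": "ingress-admin"},
     "subjects": [{"kind": "Group", "name": "dev-team"}]},
]

if __name__ == "__main__":
    # Real use: kubectl get ... -o json | python3 audit_ingress_writers.py
    items = json.load(sys.stdin)["items"] if not sys.stdin.isatty() else SAMPLE_ITEMS
    for w in sorted(ingress_writers(items)):
        print("%s %s/%s can write ingresses via %s (%s)" % (w[0], w[1] or "-", w[2], w[3], w[4]))
```

Against the sample data the read-only `restricted-user` binding is correctly absent; the CI service account (via the built-in `edit` ClusterRole) and the `dev-team` group (via a wildcard Role in the web namespace) are the principals that would need to be trimmed or trusted.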
Disable mirror annotations via admission controller
Use OPA/Gatekeeper or Kyverno to reject Ingress resources that carry the mirror-target or mirror-host annotations. Note that the Gatekeeper library's K8sRequiredAnnotations template is the wrong tool for this: it enforces that an annotation is present and matches a regex, so a constraint listing the mirror annotations with allowedRegex "^$" would reject every Ingress that lacks them instead of blocking them. Forbidding an annotation needs a custom ConstraintTemplate with a deny rule, or a Kyverno policy such as the one below (the X() anchor means the key must not be present; the policy applies to create and update requests). Adjust the keys if the controller runs with a non-default --annotations-prefix.
Example Kyverno policy:
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: block-ingress-mirror-annotations
spec:
  validationFailureAction: Enforce
  rules:
    - name: deny-mirror-annotations
      match:
        any:
          - resources:
              kinds:
                - Ingress
      validate:
        message: "nginx.ingress.kubernetes.io/mirror-target and mirror-host annotations are not permitted"
        pattern:
          metadata:
            =(annotations):
              X(nginx.ingress.kubernetes.io/mirror-target): "null"
              X(nginx.ingress.kubernetes.io/mirror-host): "null"
🧯 If You Can't Patch
- Implement strict RBAC controls to limit who can create/modify Ingress resources
- Deploy admission controllers (OPA/Gatekeeper, Kyverno) to validate and reject Ingress resources with mirror annotations
🔍 How to Verify
Check if Vulnerable:
Read the controller version from the image tag of the controller pods and compare it with the fixed releases (v1.12.1 / v1.11.5); then confirm that mirror annotation values are actually validated rather than accepted verbatim.
Check Version:
kubectl get pods -n ingress-nginx -l app.kubernetes.io/component=controller -o jsonpath='{.items[*].spec.containers[*].image}'
Verify Fix Applied:
Attempt to create an Ingress whose mirror-target annotation contains a ';' or a newline, using kubectl apply --dry-run=server so that nothing is persisted (server-side dry run still goes through the ingress-nginx validating webhook, which declares sideEffects: None). On a patched controller the request is rejected with an annotation validation error; if the object is admitted, the controller is still vulnerable. This check only works where the admission webhook is enabled, which is the default for the Helm chart.
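The image list printed by the kubectl command above is easy to misread when several controllers, digests or private registries are involved. The following added example (not ingress-nginx project code) parses each image reference, extracts the tag and decides whether it is at or past the fixed release for its branch; it assumes the fixed versions named in this advisory (v1.12.1 and v1.11.5) and treats any branch older than 1.11 as unpatched because those branches are end-of-life. Digest-only or `latest` references return None, meaning the version cannot be decided from the tag and must be resolved by digest. The sample references are constructed.

```python
"""Decide from controller image references whether ingress-nginx carries the fix.

Added example, not project code. Assumes the fix versions v1.12.1 and v1.11.5;
branches older than 1.11 are end-of-life and treated as unpatched.
Usage: kubectl get pods -n ingress-nginx -l app.kubernetes.io/component=controller \
         -o jsonpath='{.items[*].spec.containers[*].image}' | python3 check_ingress_nginx.py
"""
import re
import sys

FIXED = {(1, 11): 5, (1, 12): 1}   # (major, minor) branch -> first patch level with the fix
TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")  # tolerates suffixes such as -chroot


def parse_tag(image_ref):
    """Return (major, minor, patch) from 'repo/controller:v1.12.0@sha256:...', or None."""
    ref = image_ref.split("@", 1)[0]          # drop any digest
    # The tag follows the last ':' after the last '/'; a ':' before a '/' is a registry port.
    _name, sep, tag = ref.rpartition(":")
    if not sep or "/" in tag:
        return None                            # no tag at all (implicit :latest)
    m = TAG_RE.match(tag)
    return tuple(int(x) for x in m.groups()) if m else None


def is_patched(image_ref):
    """True if fixed, False if vulnerable, None if the tag cannot be evaluated."""
    version = parse_tag(image_ref)
    if version is None:
        return None
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED:
        return patch >= FIXED[branch]
    return branch > (1, 12)                    # newer branches ship the fix; older are EOL


def classify(image_refs):
    """Map each image reference to True / False / None."""
    return {ref: is_patched(ref) for ref in image_refs}


if __name__ == "__main__":
    # Constructed sample references, used when nothing is piped in.
    sample = ["registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:0123abcd",
              "registry.k8s.io/ingress-nginx/controller:v1.11.5",
              "localhost:5000/ingress-nginx/controller:latest"]
    refs = sys.stdin.read().split() if not sys.stdin.isatty() else sample
    for ref, state in classify(refs).items():
        label = {True: "patched", False: "VULNERABLE", None: "undetermined (resolve by digest)"}[state]
        print("%-70s %s" % (ref, label))
```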
📡 Detection & Monitoring
Log Indicators:
- Unusual nginx configuration reloads or generated configuration that contains directives no Ingress in the cluster should produce
- Ingress create/update/patch events whose mirror-target or mirror-host annotation values contain ';', newlines, '{', '}' or '#' (a URL or hostname never needs them; an injection needs them to break out of the generated directive), or tokens such as exec, curl, wget, bash or sh
- Unexpected child processes (shells, downloaders) of the nginx or controller process inside the controller pod
Network Indicators:
- Unexpected outbound connections from ingress-nginx controller
- Traffic mirroring to unauthorized destinations
SIEM Query (pseudo-syntax; map the field names to your platform and its audit-log parser):
source="kubernetes" AND verb IN ("create","update","patch") AND objectRef.resource="ingresses" AND ("mirror-target" OR "mirror-host") AND annotation_value=~"(?i)(;|\n|\{|\}|#|\b(exec|curl|wget|bash|sh)\b)"
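The query above depends on the SIEM having parsed annotation values into a field, which many Kubernetes audit pipelines do not do. The following added example (not ingress-nginx project code) applies the same logic directly to API-server audit events: it keeps only create/update/patch requests against ingresses, pulls the mirror annotations out of `requestObject`, and flags values containing directive-terminating characters or the tokens from the indicator list. It assumes the audit policy records ingresses at level Request or RequestResponse (otherwise `requestObject` is absent), and it skips JSON-Patch bodies, which are arrays rather than objects and would need path-based inspection. The events in `SAMPLE_EVENTS` are constructed; the value in the flagged one is a placeholder, not an exploit payload.

```python
"""Scan Kubernetes audit events for Ingress writes whose mirror annotations look like
nginx configuration injection.

Added example, not ingress-nginx project code. Input: API-server audit log, one JSON
event per line, recorded at level Request or RequestResponse for ingresses so that
requestObject is present. SAMPLE_EVENTS are constructed.
"""
import json
import re
import sys

MIRROR_KEYS = ("nginx.ingress.kubernetes.io/mirror-target",
               "nginx.ingress.kubernetes.io/mirror-host")
WRITE_VERBS = {"create", "update", "patch"}
# The value is meant to be a URL or a hostname. Characters that end an nginx directive,
# open/close a block or start a comment have no place in either, and an injection needs
# at least one of them to escape the generated directive.
STRUCTURAL = re.compile(r"[;{}\r\n#]")
# Secondary signal from the indicator list above; noisy on its own.
SUSPICIOUS = re.compile(r"(?i)\b(exec|curl|wget|bash|sh)\b")


def annotations_of(event):
    """Annotations from the request body, or {} when the body is not a full object
    (e.g. a JSON-Patch array, which would need its own path-based inspection)."""
    body = event.get("requestObject")
    if not isinstance(body, dict):
        return {}
    return (body.get("metadata") or {}).get("annotations") or {}


def findings_for_event(event):
    """Findings for one audit event; empty unless it is a suspicious ingress write."""
    if event.get("verb") not in WRITE_VERBS:
        return []
    ref = event.get("objectRef") or {}
    if ref.get("resource") != "ingresses":
        return []
    annotations = annotations_of(event)
    findings = []
    for key in MIRROR_KEYS:
        value = annotations.get(key)
        if value is None:
            continue
        reasons = []
        if STRUCTURAL.search(value):
            reasons.append("structural characters")
        if SUSPICIOUS.search(value):
            reasons.append("suspicious token")
        if reasons:
            findings.append({"user": (event.get("user") or {}).get("username"),
                             "namespace": ref.get("namespace"), "ingress": ref.get("name"),
                             "annotation": key, "value": value, "reasons": reasons})
    return findings


def scan(lines):
    """Run findings_for_event over an iterable of JSON lines."""
    results = []
    for line in lines:
        line = line.strip()
        if line:
            results.extend(findings_for_event(json.loads(line)))
    return results


def _event(verb, resource, name, namespace, user, body):
    return {"kind": "Event", "verb": verb, "user": {"username": user},
            "objectRef": {"resource": resource, "namespace": namespace, "name": name},
            "requestObject": body}


SAMPLE_EVENTS = [  # constructed sample events
    # legitimate mirroring to an in-cluster endpoint
    _event("create", "ingresses", "shop", "web", "alice",
           {"metadata": {"annotations": {MIRROR_KEYS[0]: "https://mirror.web.svc.cluster.local/"}}}),
    # value that terminates the directive and continues with its own configuration (placeholder)
    _event("update", "ingresses", "mirror-test", "sandbox", "system:serviceaccount:sandbox:builder",
           {"metadata": {"annotations": {MIRROR_KEYS[0]: "http://127.0.0.1/;\n# injected directives here"}}}),
    # same annotation on a non-Ingress object: out of scope for this vulnerability
    _event("create", "configmaps", "cfg", "sandbox", "bob",
           {"metadata": {"annotations": {MIRROR_KEYS[0]: "x;\n"}}}),
    # JSON-Patch body: not a full object, must not crash the scanner
    _event("patch", "ingresses", "shop", "web", "alice",
           [{"op": "replace", "path": "/spec/rules/0/host", "value": "shop.example"}]),
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    # Real use: python3 scan_mirror_annotations.py < kube-apiserver-audit.log
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    for finding in scan(source):
        print(json.dumps(finding))
```

Only the second sample event is reported, attributed to the service account that made the change; the mirror annotation with a plain URL and the ConfigMap carrying the same key are ignored, and the JSON-Patch request is skipped without error. In production, pair the structural-character rule with the admission policy from the workarounds: a rejected request still appears in the audit log (responseStatus code 4xx) and is the earliest signal of an attempt.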