CVE-2025-1974: vulnerabilities that could make it easy for attackers to take over your Kubernetes cluster (kubernetes.io)
from beerclue@lemmy.world to selfhosted@lemmy.world on 26 Mar 09:36
https://lemmy.world/post/27407357

cross-posted from: lemmy.world/post/27407351

When combined with today’s other vulnerabilities, CVE-2025-1974 means that anything on the Pod network has a good chance of taking over your Kubernetes cluster, with no credentials or administrative access required.

#selfhosted

threaded - newest

scrubbles@poptalk.scrubbles.tech on 26 Mar 19:38 next collapse

Great callout, thanks for posting

marauding_gibberish142@lemmy.dbzer0.com on 28 Mar 05:16 collapse

Isn’t this only for people running NGINX?

irotsoma@lemmy.blahaj.zone on 28 Mar 06:35 collapse

Yes it’s defects in the ingress-nginx controller package.