
IngressNightmare: Understanding CVE‑2025‑1974 in Kubernetes Ingress-NGINX


Jasper_The_Rasper
Moderator

By Jamie Mcmurray | April 23, 2025

Affected Platforms: Ingress-NGINX controller releases below v1.11.0, v1.11.0 through v1.11.4, and v1.12.0 (fixed in v1.11.5 and v1.12.1)
Impacted Users: Any organization running the Ingress-NGINX controller with its admission webhook reachable
Impact: Remote code execution in the ingress controller pod by any attacker who can reach the admission webhook
Severity Level: Critical


On March 24, 2025, researchers from Wiz, Inc. disclosed a group of critical vulnerabilities in the Kubernetes Ingress-NGINX controller, collectively dubbed IngressNightmare. The most severe is CVE‑2025‑1974, which allows an attacker with nothing more than network access to the controller's admission webhook to achieve remote code execution (RCE) inside the ingress controller pod. The issue was reported privately earlier in March and announced publicly once patched releases were available. It carries a CVSS base score of 9.8, which underscores the urgency of applying the fixes.

This article summarizes how these CVEs work, explains our proof-of-concept demo of the exploit, and outlines mitigations and detection strategies. We’ll also show how Lacework FortiCNAPP and the broader Fortinet Security Fabric provide coverage for these kinds of attacks.
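The first practical step after reading an advisory like this is to find every Ingress-NGINX controller in the cluster and decide whether its version falls in an affected range. The script below is an added example, not code from the article or from the Ingress-NGINX project: it parses a pod listing of the shape produced by `kubectl get pods -A -o custom-columns=NS:.metadata.namespace,POD:.metadata.name,IMAGE:.spec.containers[*].image` and flags controllers in the ranges listed above. The pod names, the `ingress-int` and `legacy` namespaces, and the image digests in `SAMPLE_LISTING` are constructed for the example; the affected ranges and the fixed releases (v1.11.5 and v1.12.1) are from the advisory.

```python
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges for CVE-2025-1974: everything below v1.11.0, v1.11.0 through
# v1.11.4, and v1.12.0. Upstream shipped the fix in v1.11.5 and v1.12.1; no fix
# was backported to the 1.10 line or earlier.
FIXED_IN = {(1, 11): (1, 11, 5), (1, 12): (1, 12, 1)}

# Matches both the standard and the -chroot controller image tags, with or
# without a trailing @sha256 digest.
IMAGE_RE = re.compile(r"ingress-nginx/controller(?:-chroot)?:v(\d+)\.(\d+)\.(\d+)")

# Constructed sample listing (pod names, namespaces and digest are made up).
SAMPLE_LISTING = """
NS               POD                                        IMAGE
ingress-nginx    ingress-nginx-controller-7d4f5b6c9-x2k4p   registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:0000000000000000000000000000000000000000000000000000000000000000
ingress-int      ingress-nginx-controller-5f9c8d7b6-q9z1m   registry.k8s.io/ingress-nginx/controller-chroot:v1.11.5
kube-system      coredns-76f75df574-abcde                   registry.k8s.io/coredns/coredns:v1.11.1
legacy           ingress-nginx-controller-6c7b8d9e5-wq3rt   registry.k8s.io/ingress-nginx/controller:v1.10.1
"""


def parse_controller_version(image: str) -> Optional[Version]:
    """Return (major, minor, patch) for an ingress-nginx controller image,
    or None if the image is not an ingress-nginx controller at all."""
    m = IMAGE_RE.search(image)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: Version) -> bool:
    """True if the controller version falls inside an affected range."""
    if version < (1, 11, 0):
        return True  # every pre-1.11 release is affected and never received a fix
    fixed = FIXED_IN.get(version[:2])
    if fixed is None:
        return False  # 1.13 and later were cut after the fix landed
    return version < fixed


def scan_pod_listing(listing: str) -> List[Tuple[str, str, Version, bool]]:
    """Parse 'NAMESPACE POD IMAGE' lines and report each ingress-nginx
    controller found as (namespace, pod, version, vulnerable)."""
    findings = []
    for line in listing.strip().splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ns, pod, image = parts[0], parts[1], parts[2]
        version = parse_controller_version(image)
        if version is None:
            continue  # header line or a workload that is not the controller
        findings.append((ns, pod, version, is_vulnerable(version)))
    return findings


if __name__ == "__main__":
    for ns, pod, version, vuln in scan_pod_listing(SAMPLE_LISTING):
        tag = "v" + ".".join(str(x) for x in version)
        print(f"{'VULNERABLE' if vuln else 'ok        '}  {ns}/{pod}  {tag}")
```

A controller flagged here should be upgraded to v1.11.5 or v1.12.1. Where an upgrade cannot happen immediately, the upstream Kubernetes advisory's interim mitigation is to disable the admission webhook (with the Helm chart, `controller.admissionWebhooks.enabled=false`) or to restrict network access to it so that only the API server can reach it; the webhook is the entry point for CVE‑2025‑1974, so cutting off pod-to-webhook traffic removes the attacker's path even before the image is replaced.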


>>Full Article<<
