Forum Discussion
snarang
6 months ago, Product Team
FAQ About IngressNightmare Vulnerabilities (CVE-2025-1974 and more)
On March 24, the Kubernetes team published a blog post and patches to address a series of vulnerabilities in the Ingress NGINX Controller for Kubernetes.
Collectively, these flaws are being referred to as IngressNightmare. Of the five vulnerabilities, CVE-2025-1974 is considered the most severe, as it was assigned a CVSSv3 score of 9.8 and is the only critical flaw. However, the five flaws combined create a toxic combination (exploit chain) that could allow an attacker to access cluster secrets, which could lead to a cluster takeover.
For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our FAQ blog.