CVE-2025-1097
CVE Details
Visit the official vulnerability details page for CVE-2025-1097 to learn more.
Initial Publication
03/25/2025
Last Update
03/29/2025
This CVE does not have a third party dependency.
NIST CVE Summary
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVE Severity
Our Official Summary
This vulnerability is a false positive. Although it is reported by the scanning tools on some of the components, further checks indicate that the symbol/function with the vulnerability, while present, is not being used.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.6.18 | ✅ No Impact | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted |
4.6.12 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.6.8 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.6.7 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.6.6 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.5.22 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.5.21 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.5.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.5.15 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.5.11 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.5.10 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
Date | Revision |
---|---|
03/29/2025 | Advisory severity revised to UNKNOWN from HIGH |
03/29/2025 | Impacted versions changed from 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12 to 4.4.20, 4.5.10, 4.5.11, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12, 4.6.18 |
03/29/2025 | Advisory is no longer impacting. |
03/29/2025 | Official summary revised: This vulnerability is a false positive. Although it is reported by the scanning tools on some of the components, further checks indicate that the symbol/function with the vulnerability, while present, is not being used. |
03/28/2025 | Official summary revised: This high priority CVE reported on nginx ingress controller affects both Palette & VerteX deployments. Workload clusters using nginx-controller versions v1.11.0, v1.11.0 - 1.11.4, v1.12.0 are also vulnerable. Attackers with access to the pod network can use remote code execution to dump confidential information such as secrets in the affected clusters, if this CVE is chained with other vulnerabilities. Ingress controller version should be updated to 1.11.5 or 1.12.1 to fix the vulnerabilities. Palette, VerteX SaaS deployments and the managed dedicated Palette deployments are patched. For a more detailed description, timeline and remediation steps: https://docs.spectrocloud.com/security-bulletins/security-advisories. |
03/28/2025 | Official summary revised: This high priority CVE reported on nginx ingress controller affects both Palette & VerteX deployments. Workload clusters using nginx-controller versions v1.11.0, v1.11.0 - 1.11.4, v1.12.0 are also vulnerable. An attacker can use remote code execution to dump confidential information such as secrets in the affected clusters, if this CVE is chained with other vulnerabilities. Ingress controller version should be updated to 1.11.5 or 1.12.1 to fix the vulnerabilities. Palette, VerteX SaaS deployments and the managed dedicated Palette deployments are patched. For a more detailed description, timeline and remediation steps: https://docs.spectrocloud.com/security-bulletins/security-advisories. |
03/27/2025 | Official summary revised: A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) For a more detailed description, timeline and remediation steps: https://docs.spectrocloud.com/security-bulletins/security-advisories |
03/27/2025 | Official summary revised: This high CVE enables injecting arbitrary configuration into NGINX which can lead to arbitrary code execution. Only authenticated privileged users will be able to exploit this vulnerability in the Palette deployments. Workload clusters using nginx-controller versions v1.11.0, v1.11.0 - 1.11.4, v1.12.0 are also vulnerable. An attacker can dump secrets from the cluster using the remote code execution. Ingress controller version should be updated to 1.11.5 or 1.12.1 to fix the vulnerabilities. |