Security issue (!80) · Merge requests · GitLab.org / project-templates / Cluster Management

Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.

We want to inform you about critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974) impacting the Ingress NGINX Controller. These vulnerabilities could lead to unauthenticated remote code execution and potentially result in complet cluster takeover.

Affected Versions:

All versions earlier than v1.11.0
Versions v1.11.0 - v1.11.4
Version v1.12.0

Edited Apr 03, 2025 by Jelle Bakker

Security issue

Merge request reports