CVE-2025-24513

EUVD-2025-8032
A security issue was discovered in  ingress-nginx https://github.com/kubernetes/ingress-nginx  where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
kubernetesCNA
4.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
kubernetesingress-nginx
𝑥
≤ 1.11.4
CNA
kubernetesingress-nginx
1.12.0
CNA
Common Weakness Enumeration
References
https://github.com/kubernetes/kubernetes/issues/131005
https://security.netapp.com/advisory/ntap-20250328-0008/