A collection of five crucial security flaws has been revealed in the Ingress NGINX Controller for Kubernetes, which may lead to unauthorized remote code execution, thereby placing more than 6,500 clusters in immediate jeopardy by exposing the component to the global internet.
The weaknesses (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974), given a CVSS rating of