Publication Date: 2025/03/24 02:15 PM PDT
Description
Ingress Controllers are applications within a Kubernetes cluster that enable Ingress resources to function.
AWS is aware of CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513, which affect the Kubernetes ingress-nginx controller. Amazon Elastic Kubernetes Service (Amazon EKS) does not provide or install the ingress-nginx controller and is not affected by these issues. Customers who have installed this controller on their clusters should update to the latest version.
References:
- CVE-2025-1098 - GitHub Issue
- CVE-2025-1974 - GitHub Issue
- CVE-2025-1097 - GitHub Issue
- CVE-2025-24514 - GitHub Issue
- CVE-2025-24513 - GitHub Issue
Please email aws-security@amazon.com with any security questions or concerns.