Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation CVE-2025-24514

Name: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation (CVE-2025-24514)
Published: 2025-04-11T00:00:00.000Z

Severity

Vulnerability description: Not available
Risk description: Not available
Recommendation: Not available
References: https://github.com/kubernetes/kubernetes/issues/131006 https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities https://nvd.nist.gov/vuln/detail/CVE-2025-24514
Codename: Not available

Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Not available
Detection added at: Apr 11, 2025
Software Type: Not available
Vendor: Not available
Product: Not available

Detect & validate this vulnerability

Go beyond surface scans. Get real validation with proprietary tools designed to prove what’s exploitable in your environment.

Compare paid plans See all tools