-
Course
- Security
Unauthorized RCE in NGINX Ingress Controller for Kubernetes: What You Should Know
Discover the key information you need to know about unauthorized remote code execution (RCE) using recently discovered vulnerabilities in NGINX Ingress Controller for Kubernetes.
What you'll learn
In this episode of What You Should Know we look at the recent string of CVEs linked to the NGINX Ingress Controller for Kubernetes, including CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974. The information you’ll gain will enable you to understand your exposure to unauthorized Remote Code Execution (RCE) found in NGINX’s Ingress Controller for Kubernetes, leading to unauthorized access to all secrets stored across all namespaces in the K8 cluster. With this course, you’ll understand what this vulnerability means to you, what indicators of compromise to look for in your environment, and the steps you need to take to mitigate your organization’s exposure.
Table of contents
About the authors
Matt has a degree in Chemical engineering and a PhD in mathematical chemistry. He is also a GIAC certified incident handler and penetration tester and has regulated cyber security in the UK civil nuclear sector for many years.
More Courses by Matthew
Michael Teske is an Author Evangelist with Pluralsight helping people elevate their skills. He has 20+ years of experience in IT Ops, including 17 as an IT instructor at a community college.
More Courses by Michael