Mark0

[remote] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE

This exploit targets the Ingress-NGINX Admission Controller in Kubernetes environments, affecting versions v1.10.0 through v1.11.1. The vulnerability, tracked under multiple CVEs including CVE-2025-1097 and CVE-2025-24514, allows an attacker to achieve Remote Code Execution (RCE) through File Descriptor (FD) injection. The exploit uploads a malicious shared object and then forces the controller to load it by brute-forcing the admission webhook.

The provided proof-of-concept script automates the entire attack chain. It compiles a C-based malicious library designed to trigger a reverse shell, maintains a persistent connection to the ingress to keep the file descriptor alive, and concurrently scans the /proc filesystem via the admission webhook to locate and execute the payload. This highlights a significant risk in container orchestration security where improper validation of internal file paths can lead to full cluster compromise.
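
A defender-side check for the behaviour described above, added here as an example and not taken from the original post or the proof-of-concept: it scans captured AdmissionReview requests for /proc/<pid>/fd/<n> references and flags sources that try many distinct descriptors. The source addresses, the annotation key, the threshold and the sample records are constructed assumptions.

```python
import re
from collections import defaultdict

# Reference to a process's open file descriptor, e.g. /proc/123/fd/45
PROC_FD = re.compile(r"/proc/(?:\d+|self)/fd/\d+")

def walk_strings(node, path=""):
    """Yield (json_path, value) for every string in a decoded JSON tree."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from walk_strings(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from walk_strings(val, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def proc_fd_hits(review):
    """Return [(json_path, matched_path)] for the object under admission review."""
    obj = review.get("request", {}).get("object", {})
    return [(p, m.group(0)) for p, s in walk_strings(obj) for m in PROC_FD.finditer(s)]

def detect(records, burst_threshold=3):
    """records: iterable of (source_ip, AdmissionReview dict), e.g. from a webhook capture."""
    by_src = defaultdict(list)
    for src, review in records:
        by_src[src].extend(proc_fd_hits(review))
    report = {}
    for src, hits in by_src.items():
        if not hits:
            continue
        distinct = {matched for _, matched in hits}
        # Many different descriptors from one source looks like the brute-force scan.
        report[src] = {"hits": hits, "distinct_fds": len(distinct),
                       "bruteforce": len(distinct) >= burst_threshold}
    return report

def review(value):
    """Build a constructed AdmissionReview; the annotation key is hypothetical."""
    meta = {"name": "demo", "annotations": {"nginx.ingress.kubernetes.io/constructed": value}}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "constructed", "object": {"kind": "Ingress", "metadata": meta}}}

# Constructed sample capture: one benign request, one burst, one single reference.
SAMPLE = [("10.0.0.5", review("https://auth.example.invalid/check"))]
SAMPLE += [("10.0.0.9", review(f"/proc/20/fd/{n}")) for n in range(3, 7)]
SAMPLE.append(("10.0.0.7", review("/proc/self/fd/1")))

if __name__ == "__main__":
    for src, result in detect(SAMPLE).items():
        print(src, result["distinct_fds"], "bruteforce" if result["bruteforce"] else "single")
```

Any hit deserves review, since a legitimate Ingress object has no reason to name a /proc file descriptor; the burst flag only separates a one-off reference from a scan.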

