CVE-2025-1097 PoC — ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

Source
Associated Vulnerability
Title: ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation (CVE-2025-1097)
Description: A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Description
IngressNightmare-PoC: (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974) PoC, one-click script.
File Snapshot

[4.0K] /data/pocs/8a1cab56ef4e0697a71ae4ebedca0c1b5125802b
├── [ 12K] IngressNightmareV1.py
└── [ 12K] IngressNightmareV2.py

0 directories, 2 files