A newly discovered vulnerability, CVE-2025-1974, has been identified in the Kubernetes Ingress NGINX Controller, posing a severe security risk to clusters worldwide. With a critical CVSS rating of 9.8, this flaw allows attackers to exploit Kubernetes environments without authentication, potentially leading to complete cluster compromise. Organisations using Ingress NGINX must act immediately to mitigate the risk and secure their infrastructure.

This blog post will break down the severity of CVE-2025-1974, explain its impact, and provide clear steps for upgrading and mitigating potential attacks.