
The 'IngressNightmare' vulnerabilities in the Kubernetes Ingress NGINX Controller: Overview, detection, and remediation

ID: ea1117bc-4164-5d73-b7b2-65aa99d937de

STIX ID: report--ea1117bc-4164-5d73-b7b2-65aa99d937de

Feed Name: Datadog Security Labs

Threat Score: 85/100

Date Published: 2025-03-25

Date Updated: 2026-04-27


**IngressNightmare (CVE-2025-1974) executive summary:** Researchers disclosed five vulnerabilities in the ingress-nginx controller for Kubernetes. The most notable is CVE-2025-1974, a critical (CVSS 9.8) unauthenticated RCE in the admission webhook. If the webhook is reachable (externally or from any pod), the vulnerabilities can be chained to achieve code execution and full cluster privilege escalation. The report lists affected versions, detection indicators (log strings and audit events), proof-of-concept reproduction steps, and remediation guidance (upgrade to v1.12.1+/v1.11.5+ or restrict webhook network access).
