A critical configuration injection vulnerability in the Kubernetes NGINX Ingress Controller allows authenticated attackers with Ingress creation privileges to achieve arbitrary code execution and cluster-wide Secret disclosure. The flaw stems from improper input validation (CWE-20) where malicious Ingress annotations can inject arbitrary nginx configuration directives. In default deployments, the controll [truncated]
CVE-2025-24513 affects Siemens Insights Hub Private Cloud and is tied to an ingress-nginx issue in the Admission Controller feature. According to the advisory text, attacker-provided data can be included in a filename, causing directory traversal within the container. The stated impact is denial of service, and in combination with other vulnerabilities, limited disclosure of Secret objects from the cluste [truncated]
