[Update] Cumulocity Platform not affected by Kubernetes NGINX Controller vulnerabilities

c8y_security · March 31, 2025, 6:41am

Date: 2025-03-27

Overview

A recent security vulnerability (named as #IngressNightmare) with the following CVEs:

CVE-2025-1974
CVE-2025-1098
CVE-2025-1097
CVE-2025-24514
CVE-2025-24513

has been identified in Kubernetes based Nginx Ingress Controller. This vulnerability may allow unauthorized access, privilege escalation under specific configurations.

Impact on Cumulocity Platform

None.
We confirm that the Cumulocity platform is not affected by this vulnerability because we don’t use the Kubernetes based Nginx Ingress Controller in our platform.

Recommended Actions for Customers

None

References

For any further questions, please contact support.

Topic		Replies	Views
July 11, 2024 - Microservice manifest advanced user input validation Application Enablement app-enablement , platform-services , microservice-hosting , Announcement	0	0	March 17, 2025
Cumulocity Edge Announcement: Transition to the Enhanced Cumulocity Edge Installer Product news cumulocity-edge	0	48	April 4, 2025
July 30, 2024 - Added support for device certificate authentication Platform services authentication , platform-services , Feature	0	0	March 17, 2025
Cumulocity Maintenance Release 2025.1 Now Available Product news release	0	13	April 22, 2025
Tenant Url of the Cumulocity throws privacy issue Forum cumulocity	2	140	October 6, 2024

[Update] Cumulocity Platform not affected by Kubernetes NGINX Controller vulnerabilities

Overview

Impact on Cumulocity Platform

Recommended Actions for Customers

References

Related topics