Advisory for Ingress NGINX Controller for Kubernetes

Advisory Item Details

Advisory Publication Date: 2025-04-04
Customer Deployment Type: On Premise Customers Only. ThreatQ hosted customers are not affected, as an AWS-specific ingress is used instead.
ThreatQ Platform Versions Affected: < 6.7.4

ThreatQ v5 is not affected by these vulnerabilities.

CVEs
  • CVE-2025-24513 - Directory Traversal
  • CVE-2025-24514 - auth-url Annotation Injection
  • CVE-2025-1097 - auth-tls-match-cn Annotation Injection
  • CVE-2025-1098 - mirror UID Injection
  • CVE-2025-1974 - NGINX Configuration Code Execution
Details

ThreatQ v6 releases prior to 6.7.4 include ingress-nginx-controller v1.11.2, which contains a vulnerability allowing unauthenticated remote code execution (RCE). This vulnerability affects the admission controller component and potentially puts clusters at risk. ThreatQ does not expose the admission controller by default, but the vulnerability could still have led to privilege escalation.

See the associated CVEs listed above for more details.

Resolution

ThreatQ version 6.7.4, released on 2025-04-02, includes upgrades to ingress-nginx-controller v1.12.1 and helm chart version 4.12.1 that address the NGINX controller vulnerabilities listed in the CVEs above. In addition, the admission webhook for ingress-nginx has been disabled in the ThreatQ product to reduce the impact of any future vulnerabilities.
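An added verification check for on-premise administrators, not ThreatQ's own code, that confirms both halves of this resolution from kubectl JSON output: every ingress-nginx controller image is at a fixed version, and no ingress-nginx admission webhook is still registered. It assumes the upstream chart's object and webhook names (ingress-nginx-admission, validate.nginx.ingress.kubernetes.io) and the upstream v1.11.5 backport fix, none of which this advisory states; the kubectl output below is a constructed sample.

```python
import json
import re

# First fixed release per branch: v1.12.1 is what ThreatQ 6.7.4 ships (per the advisory);
# v1.11.5 is the upstream ingress-nginx backport, an assumption not stated on this page.
FIXED_BY_MINOR = {(1, 11): (1, 11, 5), (1, 12): (1, 12, 1)}

def parse_version(tag):
    """'v1.11.2' -> (1, 11, 2); raises on image tags that carry no semver."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", tag)
    if not m:
        raise ValueError(f"unrecognised controller tag: {tag}")
    return tuple(int(x) for x in m.groups())

def is_vulnerable(version):
    """True when the controller is older than the first fixed release on its branch."""
    return version < FIXED_BY_MINOR.get(version[:2], (1, 11, 5))  # 1.10 and older: always

def controller_versions(deployments_json):
    """{deployment name: version tuple} for every ingress-nginx controller image found."""
    found = {}
    for item in json.loads(deployments_json)["items"]:
        for c in item["spec"]["template"]["spec"]["containers"]:
            ref = c["image"].rsplit("@", 1)[0]          # drop any @sha256 digest suffix
            if "ingress-nginx/controller" in ref:
                found[item["metadata"]["name"]] = parse_version(ref.rsplit(":", 1)[-1])
    return found

def admission_webhooks(webhook_configs_json):
    """Names of ValidatingWebhookConfigurations still routing to the nginx admission hook."""
    return [item["metadata"]["name"]
            for item in json.loads(webhook_configs_json)["items"]
            if any(h.get("name", "").endswith("nginx.ingress.kubernetes.io")
                   for h in item.get("webhooks", []))]

def assess(deployments_json, webhook_configs_json):
    """Findings to act on: controllers below the fixed version, webhooks still enabled."""
    versions = controller_versions(deployments_json)
    return {"vulnerable": sorted(n for n, v in versions.items() if is_vulnerable(v)),
            "webhooks_enabled": admission_webhooks(webhook_configs_json)}

# Constructed sample input standing in for the output of
#   kubectl get deployments -A -o json   and   kubectl get validatingwebhookconfigurations -o json
SAMPLE_DEPLOYMENTS = json.dumps({"items": [{
    "metadata": {"name": "ingress-nginx-controller"},
    "spec": {"template": {"spec": {"containers": [{"name": "controller",
        "image": "registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:PLACEHOLDER"}]}}}}]})
SAMPLE_WEBHOOKS = json.dumps({"items": [{"metadata": {"name": "ingress-nginx-admission"},
    "webhooks": [{"name": "validate.nginx.ingress.kubernetes.io"}]}]})
```

A non-empty `vulnerable` list means the upgrade to 6.7.4 has not reached that controller; a non-empty `webhooks_enabled` list means the admission webhook the resolution disables is still registered in the cluster.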