CVE-2025-24513

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-24513

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24513.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24513

Aliases

Downstream

openSUSE-SU-2025:14937-1

Related

Published

2025-03-25T00:15:14.900Z

Modified

2026-03-12T20:09:32.187290Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator

Summary

[none]

Details

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24513.json"