NGINX Ingress Controller Vulnerabilities

Update from March 25, 2025, 16:00 UTC

The Dynatrace team has finished the analysis of the Ingress NGINX controller vulnerabilities and successfully deployed mitigation measures for CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974 on all potentially affected systems.

Update from March 25, 2025, 11:00 UTC

The Dynatrace team is actively reviewing the recently announced vulnerabilities in Ingress NGINX controller also known as IngressNightmare (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974).

We will continue to assess the situation and provide further status updates on this page.

Notice

This document is provided on an “as is” basis, with no express or implied warranties. Some of the information provided may come from third parties. Your use of the information in the document or materials linked from the document is at your own risk. Dynatrace reserves the right to change or update this document without notice at any time. Dynatrace expects to update this document as new information becomes available.

Get article updates or report security vulnerabilities

Dynatrace takes a proactive approach in communicating security vulnerability information to customers. Learn more about Dynatrace security and our security policy. To report a security issue, email security@dynatrace.com.

RSS feed Report issue