On March 24, 2025, Wiz Research discovered a series of unauthenticated Remote Code Execution (RCE) vulnerabilities in the Ingress NGINX Controller for Kubernetes, identified as CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974. Collectively dubbed #IngressNightmare, these vulnerabilities allow attackers to gain unauthorized access to all secrets stored across all namespaces within a Kubernetes cluster. Exploiting these flaws can lead to complete cluster takeover, making Kubernetes environments highly vulnerable to compromise.

How to deal with the Kubernetes  “IngressNightmare”? Join our live, hands-on session where we'll walk you through a real-world Kubernetes Ingress issue and troubleshoot it step by step. Whether you're a seasoned DevOps engineer or just starting with Kubernetes, this webinar is for you. 

What you'll learn:

• What is the “IngressNightmare” remote code execution (RCE) vulnerability  — along with related configuration injection flaws. 
• Live demonstration of fixing a vulnerable Ingress setup 
• Tips and best practices for troubleshooting CVEs in production environments 
• Steps on how to mitigate the vulnerability  
• Real-time interaction with Kubernetes expert Bruno Teleginski 
  

Why you should attend:

• Hands-on Learning: Watch real-time debugging of a broken Kubernetes Ingress setup. 
• Expert Guidance: Learn mitigation practices from a seasoned Kubernetes expert. 
• Practical Insights: Walk away with actionable tips you can apply to your own Kubernetes projects. 
• Interactive Q&A: Have your Kubernetes-related questions answered during our live Q&A session! 

Speakers

Bruno Teleginski - Azure Cloud Consultant at CloudNation

Jorge Liauw Calo - Senior Solution Engineer at WIZ

 

Nir Ohfeld - Head of Vulnerability at WIZ