On March 24, 2025, a set of critical vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974 — collectively referred to as IngressNightmare was disclosed in the ingress-nginx Controller for Kubernetes. These vulnerabilities could lead to a complete cluster takeover by granting attackers unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster.