Urgent Security Advisory: Critical Ingress Nightmare Vulnerabilities in Ingress NGINX from 03-25-2025 14:28 CET to 03-29-2025 19:18 CET

Scheduled maintenance · Europe, Asia, America, Australia, North Europe, West Europe, Germany West Central, France Central, UK South, East US, West US2, Southeast Asia (Singapore), Australia East, Switzerland North, Middle East, UAE North, Japan East
03-25-2025 14:28 CET · 4 days, 4 hours, 50 minutes

Updates

Resolved

Dear valued customers,

We would like to provide you with an update about the Critical Ingress Nightmare Vulnerabilities in Ingress NGINX.

Our engineers have worked around the clock to manage the situation and have applied the latest patch version of Ingress NGINX, which addressed the issue at its core.

During the whole period, we reviewed logs and alerts and identified no suspicious exploitation attempts.

Please rest assured that Jedox is taking care of the security of your environments and will always be ready to address any issues in a timely manner.

If you have any further questions or concerns, please do not hesitate to contact our Support Team via the Jedox Customer Portal.

Thank you for your continued partnership and trust!

March 29, 2025 · 18:53 CET
Essential

Dear Cloud Customers,

We are writing to inform you about a newly identified critical security vulnerability known as IngressNightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974), which affects Ingress NGINX. This vulnerability has been assigned a severity score of 9.8 (Critical) and allows unauthenticated remote code execution.

What Happened?

Security researchers have identified multiple vulnerabilities in Ingress NGINX, which can be exploited by an attacker to execute arbitrary code remotely without authentication. If left unpatched, this could result in system compromise, data exfiltration, or further exploitation of your infrastructure.

What Are We Doing?

At Jedox, we have taken immediate steps to mitigate any potential risks, including:
• Immediate Patch Deployment: Update to the latest patched version of Ingress NGINX. Official security patches are available in the released ingress-nginx versions v1.12.1 and v1.11.5.
• Monitoring Logs & Alerts: Review logs for any suspicious activity that could indicate exploitation attempts.

Next Steps & Further Assistance

We are monitoring this situation closely and will provide timely updates as new information becomes available on our Statuspage.

If you require assistance or have any questions, please reach out to our Support team via the Jedox Customer Portal.

Your security is our top priority, and we appreciate your prompt attention to this matter.

Thank you for your understanding and continued support.

March 25, 2025 · 14:28 CET
