How severe is CVE-2025-1974?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2025-1974?

This is classified as CWE-653, which is a common weakness in software security.

CVE-2025-1974

CRITICAL Year: 2025

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-653

View all →

Vulnerability Description

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVE-2024-33768

CRITICAL

CVSS:9.8(Critical)

lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source_over.

CWE-6532024

CVE-2025-4083

CRITICAL

CVSS:9.1(Critical)

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended fr...

CWE-6532025

CVE-2024-20285

HIGH

CVSS:8.8(High)

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlyi...

CWE-6532024

CVE-2023-1305

HIGH

CVSS:8.1(High)

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed a...

CWE-6532023