KB-2335 Information about the Kubernetes ingress-nginx controller vulnerability (CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, & CVE-2025-1098)

Ryan Good — Fri, 28 Mar 2025 14:09:37 GMT

Current Revision posted to Appian Knowledge Base by Ryan Good on 3/28/2025 2:09:37 PM

On 24-Mar-2025, Wiz announced the discovery of a series of CVEs in the Ingress NGINX Controller for Kubernetes. These findings were reported to Kubernetes who later announced patches for ingress-nginx.

Upon assessing the Appian platform against all details of the CVEs, we can confirm that the Appian platform is not impacted. Appian does deploy ingress-nginx in multiple partitions of the platform; however, these deployments do not make use of the admissionWebhooks component which is the underlying impacted feature.

While our current implementation is not affected, we are prioritizing upgrades of our ingress-nginx deployments to the latest version as a precautionary safety measure.

IMPORTANT: Self-managed Appian on Kubernetes is not shipped with ingress-nginx. If your environment uses the Ingress NGINX Controller to expose Appian, please review to confirm your version and upgrade to a secure one if necessary.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud.

Last reviewed: March 26, 2025

KB-2335 Information about the Kubernetes ingress-nginx controller vulnerability (CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, & CVE-2025-1098)

Ryan Good — Fri, 28 Mar 2025 14:06:34 GMT

Revision 18 posted to Appian Knowledge Base by Ryan Good on 3/28/2025 2:06:34 PM

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud.

Last reviewed: March 26, 2025

Tags: 24-March-2025

KB-2335 Information about the Kubernetes ingress-nginx controller vulnerability (CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, & CVE-2025-1098)

Ryan Good — Fri, 28 Mar 2025 13:11:32 GMT

Revision 17 posted to Appian Knowledge Base by Ryan Good on 3/28/2025 1:11:32 PM

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud.

Last reviewed: March 26, 2025

KB-2335 Information about the Kubernetes ingress-nginx controller vulnerability (CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, & CVE-2025-1098)

Ryan Good — Fri, 28 Mar 2025 13:09:37 GMT

Revision 16 posted to Appian Knowledge Base by Ryan Good on 3/28/2025 1:09:37 PM

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud.

Last reviewed: March 26, 2025

Tags: appian on kubernetes, appiancloud, Kubernetes

KB-2335 Information about the Kubernetes ingress-nginx controller vulnerability (CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, & CVE-2025-1098)

Ryan Good — Wed, 26 Mar 2025 19:42:33 GMT

Revision 15 posted to Appian Knowledge Base by Ryan Good on 3/26/2025 7:42:33 PM

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud.

Last reviewed: March 26, 2025

Tags: appian on kubernetes, appiancloud, Kubernetes, FAQ

KB-2335 Information about the Kubernetes ingress-nginx controller vulnerability (CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, & CVE-2025-1098)

Ryan Good — Tue, 25 Mar 2025 18:11:49 GMT

Revision 14 posted to Appian Knowledge Base by Ryan Good on 3/25/2025 6:11:49 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud.

IMPORTANT: Self-managed Appian on Kubernetes is not shipped with ingress-nginx. If your environment uses the Ingress NGINX Controller to expose Appian, please review to confirm your version and upgrade to a secure one if necessary.

Last reviewed: March 25, 2025

Tags: appian on kubernetes, appiancloud, Kubernetes, FAQ

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller vulnerability (CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, & CVE-2025-1098)

Ryan Good — Tue, 25 Mar 2025 18:08:20 GMT

Revision 13 posted to Appian Knowledge Base by Ryan Good on 3/25/2025 6:08:20 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud.

Last reviewed: March 25, 2025

Tags: appian on kubernetes, appiancloud, Kubernetes, FAQ

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller vulnerability (CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, & CVE-2025-1098)

Ryan Good — Tue, 25 Mar 2025 18:05:49 GMT

Revision 12 posted to Appian Knowledge Base by Ryan Good on 3/25/2025 6:05:49 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud. Self-managed Appian on Kubernetes is not shipped with ingress-nginx. If your environment uses the Ingress NGINX Controller to expose Appian, please review to confirm your version and upgrade to a secure one if necessary.

Tags: appian on kubernetes, appiancloud, Kubernetes, FAQ

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (Multiple CVEs)

Harrison Hunt — Tue, 25 Mar 2025 17:52:00 GMT

Revision 11 posted to Appian Knowledge Base by Harrison Hunt on 3/25/2025 5:52:00 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

Tags: appian on kubernetes, appiancloud, Kubernetes, FAQ

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (Multiple CVEs)

Harrison Hunt — Tue, 25 Mar 2025 17:50:01 GMT

Revision 10 posted to Appian Knowledge Base by Harrison Hunt on 3/25/2025 5:50:01 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud. Self-managed Appian on Kubernetes does not include ingress-nginx by default and is unaffected by the vulnerability. If your environment uses the Ingress NGINX Controller to expose Appian, please review to confirm your version and upgrade to a secure one if necessary.

Tags: appian on kubernetes, appiancloud, Kubernetes, FAQ

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (Multiple CVEs)

Harrison Hunt — Tue, 25 Mar 2025 17:47:46 GMT

Revision 9 posted to Appian Knowledge Base by Harrison Hunt on 3/25/2025 5:47:46 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud. Self-managed Appian on Kubernetes does not include ingress-nginx by default and is unaffected by the vulnerability. If your environment uses the nginx ingress controller to expose Appian, please review to confirm your version and upgrade to a secure one if necessary.

Tags: appian on kubernetes, appiancloud, Kubernetes, FAQ

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (Multiple CVEs)

Harrison Hunt — Tue, 25 Mar 2025 17:46:47 GMT

Revision 8 posted to Appian Knowledge Base by Harrison Hunt on 3/25/2025 5:46:47 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud.

Self-managed Appian on Kubernetes does not include ingress-nginx by default and is unaffected by the vulnerability. If your environment uses the nginx ingress controller to expose Appian, please review to confirm your version and upgrade to a secure one if necessary.

Tags: appian on kubernetes, appiancloud, Kubernetes, FAQ

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (Multiple CVEs)

Abdullah Munawar — Tue, 25 Mar 2025 17:42:15 GMT

Revision 7 posted to Appian Knowledge Base by Abdullah Munawar on 3/25/2025 5:42:15 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to Appian Cloud.

Tags: appian on kubernetes, appiancloud, Kubernetes, FAQ

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (Multiple CVEs)

Harrison Hunt — Tue, 25 Mar 2025 17:17:07 GMT

Revision 6 posted to Appian Knowledge Base by Harrison Hunt on 3/25/2025 5:17:07 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to all supported versions of Appian.

Tags: appian on kubernetes, appiancloud, Kubernetes, FAQ

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (Multiple CVEs)

Harrison Hunt — Tue, 25 Mar 2025 17:11:09 GMT

Revision 5 posted to Appian Knowledge Base by Harrison Hunt on 3/25/2025 5:11:09 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to all supported versions of Appian.

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (Multiple CVEs)

Harrison Hunt — Tue, 25 Mar 2025 17:11:03 GMT

Revision 4 posted to Appian Knowledge Base by Harrison Hunt on 3/25/2025 5:11:03 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to all supported versions of Appian.

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (Multiple CVEs)

Harrison Hunt — Tue, 25 Mar 2025 17:09:53 GMT

Revision 3 posted to Appian Knowledge Base by Harrison Hunt on 3/25/2025 5:09:53 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates.

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to all supported versions of Appian.

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (Multiple CVEs)

Harrison Hunt — Tue, 25 Mar 2025 17:05:49 GMT

Revision 2 posted to Appian Knowledge Base by Harrison Hunt on 3/25/2025 5:05:49 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to all supported versions of Appian.

[DRAFT SUPP-1064] Information about the Kubernetes ingress-nginx controller Vulnerability (CVE-2025-1974)

Harrison Hunt — Tue, 25 Mar 2025 17:05:25 GMT

Revision 1 posted to Appian Knowledge Base by Harrison Hunt on 3/25/2025 5:05:25 PM

Appian is aware of this vulnerability and is actively investigating to determine whether or not we are impacted, please stay tuned for updates

Additional Notes

The following CVEs were released with additional information on the scope of the vulnerability:

Supporting Documentation

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974

Affected Versions

This article applies to all supported versions of Appian.