CluedIn Security - [NOT impacted] Ingress NGINX Controller vulnerabilities

Wiz Research recently disclosed a series of critical unauthenticated Remote Code Execution (RCE) vulnerabilities affecting the Ingress NGINX Controller in Kubernetes (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974), collectively known as IngressNightmare. These vulnerabilities could allow attackers to execute arbitrary code and gain unauthorized access to Kubernetes secrets across namespaces. More information can be found in:

• Infosecurity Magazine

• The Hacker News

CluedIn is not impacted by these vulnerabilities, as we do not use NGINX as our ingress controller. Instead, CluedIn relies on HAProxy, which is not affected by these issues.

If you have deployed CluedIn using the standard setup, you are not impacted. However, customers who have modified their Ingress setup outside of CluedIn’s recommended configuration should review their infrastructure and apply any necessary security updates.

Our security team continuously monitors emerging threats and ensures that CluedIn remains secure. For any questions or further assistance, contact CluedIn support team at support@cluedin.com.