Versions (6)
Version DetailsCurrent
Rev: 1 • Jul 24, 2025, 5:44 PMATTACK [PTsecurity] Ingress nginx RCE (CVE-2025-1974)
alert http any any -> any any (msg:"ATTACK [PTsecurity] Ingress nginx RCE (CVE-2025-1974)"; flow:to_server, established; http.request_body; content:"kind"; content:"AdmissionReview"; distance:0; content:"nginx.ingress.kubernetes.io|2f|auth-url|22|"; distance:0; pcre:"/^\s*\x3A\s*\x22[^\x22]*?\/proc\/\d+\/fd\/\d+/PR"; reference:cve, 2025-1974; reference:url, www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10013533; rev:1;)
Jul 24, 2025, 5:44 PM
Jul 24, 2025, 5:44 PM
Oct 16, 2025, 10:34 AM
Oct 16, 2025, 10:34 AM
rules/ptopen-attacks.rules