CyberSecurity

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513. Customers running this controller on their AKS clusters are advised to update to the latest patched versions […]

Updated links to security updates. This is an informational change only. 

Updated links to security updates. This is an informational change only. 

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. 

No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. 

Improper link resolution before file access (‘link following’) in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. 

Added acknowledgements. This is an informational change only. 

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. 

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information. 

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware of reports that an exploit for CVE-2025-24201 exists in the wild.