Kubernetes IngressNightmare: Wake Up and Fight Back with Microsegmentation
It’s every DevOps engineer’s nightmare: waking up to another critical Kubernetes vulnerability that compromises the gateway to your cluster. This time, however, the nightmare is real.
IngressNightmare — what you need to know
A new set of critical vulnerabilities in the Kubernetes Ingress-NGINX controller, collectively nicknamed IngressNightmare, has surfaced. Ingress-NGINX is one of the most widely deployed ingress controllers, so a large share of cloud native environments is affected, and the flaws expose those environments to unauthenticated remote code execution (RCE).
These vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) allow attackers to compromise Kubernetes workloads and potentially gain cluster-wide access. The entry point is the controller's admission webhook: it validates Ingress objects on behalf of the API server, but it accepts AdmissionReview requests from any client that can reach it on the pod network, without authenticating them. A crafted request injects NGINX configuration that the controller loads, which yields code execution inside the controller pod; because that pod's service account can read Secrets across namespaces, a foothold there can turn into cluster-wide access. And with more than 40% of environments exposed, this is no niche issue.
But here's the uncomfortable truth: Though the Ingress-NGINX maintainers have already released fixed versions (v1.12.1 and v1.11.5), patching is not always immediate.
Clusters may be running legacy applications or sensitive workloads, or be bound by change control processes that delay the upgrade. Until the controller is upgraded, the admission webhook remains exploitable by anything that can reach it, and attackers thrive in exactly those windows of opportunity.
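A quick way to find out whether a cluster is still in that window, as an added example that is not part of the original post: the script below classifies Ingress-NGINX controller image tags against the fixed releases v1.12.1 and v1.11.5. The kubectl command in the comment is the real source of the image list; the list inside the script is constructed sample output standing in for it, and treating older minor lines (1.10 and earlier) as unpatched is this script's own assumption.

```shell
#!/bin/sh
# Added example, not from the Akamai post: decide from the running controller
# image tags whether a cluster is still on an IngressNightmare-vulnerable
# Ingress-NGINX release. Fixed releases: v1.12.1 (1.12 line) and v1.11.5
# (1.11 line); older minor lines are treated as unpatched (assumption).
#
# In a real cluster the image list comes from:
#   kubectl get pods -A -l app.kubernetes.io/name=ingress-nginx \
#     -o jsonpath='{range .items[*]}{range .spec.containers[*]}{.image}{"\n"}{end}{end}'
# The list below is constructed sample output standing in for that command.
SAMPLE_IMAGES='registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:0123456789abcdef
registry.k8s.io/ingress-nginx/controller:v1.12.1
registry.k8s.io/ingress-nginx/controller:v1.10.1
registry.k8s.io/ingress-nginx/controller-chroot:v1.12.0
localhost:5000/mirror/ingress-nginx/controller'

# Print the tag of an image reference; a reference without a tag is "latest".
image_tag() {
  ref=${1%%@*}            # drop a trailing @sha256:... digest
  tag=${ref##*:}          # text after the last colon
  case "$ref" in
    *:*) case "$tag" in */*) tag=latest ;; esac ;;  # the colon was a registry port
    *)   tag=latest ;;
  esac
  printf '%s\n' "$tag"
}

# Exit 0 if the tag is a fixed release, 1 if it is known vulnerable,
# 2 if it cannot be parsed as a version (latest, custom tags, ...).
ingress_nginx_is_fixed() {
  ver=${1#v}
  case "$ver" in
    ''|*[!0-9.]*) return 2 ;;
  esac
  oldifs=$IFS; IFS=.; set -- $ver; IFS=$oldifs
  major=${1:-0}; minor=${2:-0}; patch=${3:-0}
  [ "$major" -gt 1 ] && return 0
  [ "$major" -lt 1 ] && return 1
  case "$minor" in
    12) [ "$patch" -ge 1 ] ;;
    11) [ "$patch" -ge 5 ] ;;
    *)  [ "$minor" -gt 12 ] ;;   # newer minors carry the fix; 1.10 and older do not
  esac
}

# Classify every image in a newline-separated list.
report() {
  printf '%s\n' "$1" | while read -r image; do
    [ -n "$image" ] || continue
    tag=$(image_tag "$image")
    ingress_nginx_is_fixed "$tag" && rc=0 || rc=$?
    case $rc in
      0) status=patched ;;
      2) status=unknown ;;      # tag says nothing about the upstream version
      *) status=VULNERABLE ;;
    esac
    printf '%-10s %s\n' "$status" "$image"
  done
}

report "$SAMPLE_IMAGES"
```

Tags alone can mislead: a mirrored or custom-built image may carry a tag that says nothing about the upstream release, which is why the script reports unknown rather than guessing. Confirm those by checking the version the controller binary itself reports.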
Why microsegmentation matters more than ever
At Akamai, we believe security should not end at the perimeter. Modern attackers don’t stop at the first pod or node they compromise — they move laterally, escalate privileges, and go after the control plane, secrets, and high-value data.
That’s where microsegmentation comes in.
Get Zero Trust segmentation for Kubernetes
Ideally, even if an attacker makes it past the ingress controller, they should be met with a wall of segmentation that limits their movement and blocks escalation paths. Akamai helps our customers make that happen with real-time visibility, granular policy enforcement, and Zero Trust enforcement.
Real-time visibility — know what’s talking to what
Attackers rely on stealth to access and expand within your IT ecosystem, but we can take that ability away from them.
Akamai Guardicore Segmentation provides real-time traffic visualization, showing pod-to-pod, namespace-to-namespace, and service-to-service communication
You’ll immediately see if unauthorized changes have been made to Ingress resources or if a compromised pod starts scanning the network
Think of it as your cluster's security radar, showing you what’s coming before it hits.
Granular policy enforcement — not just north-south
Most security tools look only at north-south traffic, what enters and leaves the cluster, but Akamai Guardicore Segmentation goes deeper by letting you control east-west traffic between workloads inside the cluster. With that level of granularity, security policies can be created quickly to:
Enforce namespace-level or workload-level segmentation
Restrict which services can talk to one another — even within the same namespace
Protect the Kubernetes control plane, API server, and etcd from internal threats
By using Akamai Guardicore Segmentation to create and enforce these policies, a pod compromised via IngressNightmare is confined to the connections its role actually requires. For the ingress controller that is a short list: DNS, the API server, and the backends it routes to. It cannot reach other sensitive workloads or APIs, and its neighbors cannot reach the admission webhook port that only the API server should ever talk to. One caveat to keep in mind: network segmentation does not shrink what the controller's service account may read through the API server, so pair it with least-privilege RBAC and with the patch itself.
Zero Trust enforcement — verify everything
At Akamai, we believe a Zero Trust approach is the best way to secure Kubernetes deployments. And we believe that microsegmentation is the best way to implement those Zero Trust principles, such as:
No pod should be able to talk to another pod by default just because it’s on the same network
No namespace should reach external APIs unless explicitly allowed
Strict verification of every connection should be enforced, based on identity, labels, and policy — not based on IP alone
By ensuring that only explicitly authorized connections are allowed, based on identity and intent — not network proximity — you can prevent a small vulnerability from turning into a full-blown security event.
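Kubernetes ships a native, if coarser, way to express the default-deny and explicit-allow principles of this section and the previous one. The manifests below are an added example, not Akamai's or the ingress-nginx project's own, and they use Kubernetes NetworkPolicy rather than Guardicore policy. They assume the controller runs in the ingress-nginx namespace with the project's standard labels, that the admission webhook listens on its default port 8443, that the control plane reaches pods from 10.0.0.0/24, and that backend namespaces opt in with an exposed-via-ingress=true label; all of those are placeholders to adapt.

```yaml
# Added example (not Akamai's or the ingress-nginx project's own manifests):
# Kubernetes NetworkPolicy objects that apply default-deny plus explicit
# allow to the namespace running Ingress-NGINX.
# Assumptions: namespace "ingress-nginx", standard labels
# app.kubernetes.io/name=ingress-nginx and app.kubernetes.io/component=controller,
# admission webhook on 8443, kube-apiserver reaching pods from 10.0.0.0/24,
# backends in namespaces labeled exposed-via-ingress=true.
---
# 1. Default deny: every pod in the namespace starts with no traffic
#    allowed in either direction.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: ingress-nginx
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# 2. Ingress to the controller: HTTP/HTTPS from anywhere (that is its job),
#    but the admission webhook port is reachable only from the control plane.
#    Any pod that can reach 8443 could exploit an unpatched controller;
#    this rule closes that path for everything except the API server.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: controller-ingress
  namespace: ingress-nginx
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/component: controller
  policyTypes: [Ingress]
  ingress:
    - ports:
        - port: 80
          protocol: TCP
        - port: 443
          protocol: TCP
    - from:
        - ipBlock:
            cidr: 10.0.0.0/24   # assumed control-plane / kube-apiserver range
      ports:
        - port: 8443
          protocol: TCP
---
# 3. Egress from the controller: DNS, the API server (it watches Ingress,
#    Service and Secret objects), and only the namespaces that opted in.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: controller-egress
  namespace: ingress-nginx
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/component: controller
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    - to:
        - ipBlock:
            cidr: 10.0.0.0/24   # assumed control-plane range
      ports:
        - port: 6443
          protocol: TCP
    - to:
        - namespaceSelector:
            matchLabels:
              exposed-via-ingress: "true"
```

Two things to note: NetworkPolicy is enforced only by a CNI that supports it, and on managed clusters the API server's source addresses are not always a single CIDR, so rule 2 may need the provider's documented range instead. The policy also does nothing about what the controller can read through the API server; that is RBAC's job.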
Turn the nightmare into a dream
We can’t stop vulnerabilities like IngressNightmare from being exploited. But we can help make sure that when the next one hits, your blast radius is near zero.
If you're running Kubernetes in production, this is your wake-up call. Now is the time to:
Audit your east-west traffic
Enforce microsegmentation around critical components
Visualize ingress exposure points
Stop lateral movement before it starts
Akamai is here to help you secure your clusters every step of the way.
Ready to see it in action?
Get in touch with us for a Kubernetes security assessment, and we’ll show you exactly where your risks lie — and how to fix them before attackers get there first.
Let’s transform your Kubernetes security from a potential nightmare into a dream come true.