Cyber Posture

CVE-2025-14727

High

Published: 17 December 2025

Published
17 December 2025
Modified
08 January 2026
KEV Added
Patch
CVSS Score 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS Score 0.0010 27.1th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-14727 is a high-severity Path Traversal (CWE-22) vulnerability in F5 Nginx Ingress Controller. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation through patching the NGINX Ingress Controller directly eliminates the path traversal vulnerability in nginx.org/rewrite-target annotation validation.

SI-10 Information Input Validation good match
prevent

Information input validation ensures rewrite-target annotations are checked for path traversal sequences, preventing CWE-22 exploitation by low-privilege attackers.

RA-5 Vulnerability Monitoring and Scanning partial match
detect

Vulnerability scanning detects the presence of CVE-2025-14727 in NGINX Ingress Controller deployments, enabling identification prior to exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Path traversal vulnerability (CWE-22) in NGINX Ingress Controller's public-facing annotation processing directly enables exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Deeper analysisAI

CVE-2025-14727, published on 2025-12-17, is a vulnerability in the NGINX Ingress Controller's nginx.org/rewrite-target annotation validation, classified under CWE-22 (Path Traversal). It affects the NGINX Ingress Controller, with software versions that have reached End of Technical Support (EoTS) not evaluated. The vulnerability has a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L), indicating high severity due to network accessibility and impacts on confidentiality, integrity, and availability.

An attacker with low privileges (PR:L) can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables high confidentiality and integrity impacts, such as unauthorized access to sensitive data or modification of resources, alongside low availability disruption.

The F5 advisory at https://my.f5.com/manage/s/article/K000158176 provides details on mitigation, including patches and workarounds for affected NGINX Ingress Controller versions.

Details

CWE(s)
CWE-22

Affected Products

f5
nginx ingress controller
5.3.0

CVEs Like This One

CVE-2025-53521Same vendor: F5
CVE-2025-24497Same vendor: F5
CVE-2024-36512Shared CWE-22
CVE-2025-36236Shared CWE-22
CVE-2025-20058Same vendor: F5
CVE-2025-7360Shared CWE-22
CVE-2025-7712Shared CWE-22
CVE-2024-39786Shared CWE-22
CVE-2025-64057Shared CWE-22
CVE-2025-14914Shared CWE-22

References