CVE-2025-59360

Published September 15th, 2025

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

chaos-mesh/chaos-mesh

A Chaos Engineering Platform for Kubernetes.

GitHub

7.33K