Chaos Mesh

4 CVEs product

CVE-2025-59361 CRITICAL POC PATCH Act Now

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1: 9.8 | EPSS: 0.7%
CVE-2025-59360 CRITICAL POC PATCH Act Now

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1: 9.8 | EPSS: 1.1%
CVE-2025-59359 CRITICAL POC PATCH Act Now

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.

Command Injection RCE Chaos Mesh Suse
NVD GitHub
CVSS 3.1: 9.8 | EPSS: 0.9%
CVE-2025-59358 HIGH POC PATCH This Week

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.

Authentication Bypass Denial Of Service Kubernetes Chaos Mesh Suse
NVD GitHub
CVSS 3.1: 7.5 | EPSS: 0.5%