cvebase

github.com/chaos-mesh/chaos-mesh vulnerabilities

4 known vulnerabilities affecting github.com/chaos-mesh/chaos-mesh.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4

Vulnerabilities

CVE-2025-59361 | P2 | HIGH | CVSS 7.5 | ≥ 0, < 2.7.3 | 2025-09-15
CVE-2025-59361 [HIGH] CWE-78: Chaos Controller Manager is vulnerable to OS command injection. The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
Sources: ghsa, osv
CVE-2025-59359 | P2 | HIGH | CVSS 7.5 | ≥ 0, < 2.7.3 | 2025-09-15
CVE-2025-59359 [HIGH] CWE-78: Chaos Controller Manager is vulnerable to OS command injection. The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
Sources: ghsa, osv
CVE-2025-59360 | P2 | HIGH | CVSS 7.5 | ≥ 0, < 2.7.3 | 2025-09-15
CVE-2025-59360 [HIGH] CWE-78: Chaos Controller Manager is vulnerable to OS command injection. The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.
Sources: ghsa, osv
CVE-2025-59358 | P3 | HIGH | ≥ 0, < 2.7.3 | 2025-09-15
CVE-2025-59358 [HIGH] CWE-306: Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function. The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.
Sources: ghsa, osv