VYPR
High severity · OSV Advisory · Published Sep 15, 2025 · Updated Sep 15, 2025

Denial of Service via Unauthorized Access to Chaos Mesh debugging server

CVE-2025-59358

Description

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: github.com/chaos-mesh/chaos-mesh (Go)
Affected versions: < 2.7.3
Patched versions: 2.7.3
