VYPR
Critical severityOSV Advisory· Published Sep 15, 2025· Updated Sep 15, 2025

OS command injection in Chaos Mesh via the cleanIptables mutation

CVE-2025-59361

Description

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/chaos-mesh/chaos-meshGo
< 2.7.32.7.3

Affected products

5

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.