5 matches found
EUVD-2025-29178
Malicious code in bioql PyPI...
Chaos Controller Manager is vulnerable to OS command injection
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...
CVE-2025-59361
The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...
CVE-2025-59361
The provided connected sources confirm CVE-2025-59361 pertains to Chaos Mesh’s Chaos Controller Manager, specifically an OS command injection in the mutation path (cleanIptables). The related entry CVE-2025-59358 describes an unauthenticated exposure via a GraphQL debugging surface that can kill ...
PT-2025-37475
Name of the Vulnerable Software and Affected Versions: Chaos Controller Manager, affected versions not specified
Description: The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. This allows unauthenticated in-cluster attackers to perform remote code executio...