CNNVD-202509-2244 Information

CNNVD ID

CNNVD-202509-2244

Related CVE

CVE-2025-59359

• CNNVD Published: 2025-09-15

Description (Chinese)

chaos-mesh是Chaos Mesh开源的一个工程平台。 chaos-mesh存在操作系统命令注入漏洞，该漏洞源于cleanTcs突变容易受到OS命令注入攻击，可能导致远程代码执行。

Description (English)

Chaos-mesh is an engineering platform for Chaos Mesh. Chaos-mesh has an operational system command-infusion loophole, which stems from the vulnerability of the cleanTcs mutation to OS-injection, which may lead to remote code enforcement.

Hazard Level

Low

Vulnerability Type

操作系统命令注入

Affected Vendor

Chaos Mesh

Published

2025-09-15

Last Modified

2026-02-24

References

https://github.com/chaos-mesh/chaos-mesh/pull/4702 https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover