CNNVD-202509-2245 Information

CNNVD ID

CNNVD-202509-2245

Related CVE

CVE-2025-59360

• CNNVD Published: 2025-09-15

Description (Chinese)

Chaos Mesh是Chaos Mesh开源的一个开源的云原生工程平台。 Chaos Mesh存在操作系统命令注入漏洞，该漏洞源于killProcesses突变容易受到os命令注入攻击，可能导致远程代码执行。

Description (English)

Chaos Mesh is an open-source cloud-based engineering platform for Chaos Mesh. Chaos Mesh has an operational system command leak, which stems from the fact that the killProces mutations are vulnerable to Os command injections, which may lead to remote code enforcement.

Hazard Level

Low

Vulnerability Type

操作系统命令注入

Affected Vendor

Chaos Mesh

Published

2025-09-15

Last Modified

2026-02-24

References

https://github.com/chaos-mesh/chaos-mesh/pull/4702 https://jfrog.com/blog/chaotic-deputy-critical-vulnerabilities-in-chaos-mesh-lead-to-kubernetes-cluster-takeover