24h | 7d | 30d

CVE-2025-59359

Overview

  • github.com/chaos-mesh/chaos-mesh
15 Sep 2025
Published
15 Sep 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.48%
KEV

Description

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

Statistics

  • 2 Posts
Last activity: 18 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Chaotic Deputy: Critical vulnerabilities in Chaos Mesh lead to Kubernetes
cluster takeover
jfrog.com/blog/chaotic-deputy-

JFrog Security Research recently discovered and disclosed multiple CVEs in the
highly popular Chaos engineering platform – Chaos-Mesh. The discovered CVEs,
which we’ve named Chaotic Deputy are CVE-2025-59358, CVE-2025-59360,
CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are
critical severity (CVSS 9.8) vulnerabilities which can be easily exploited by
in-cluster attackers to run arbitrary code on any pod in the cluster, even in
the default configuration of Chaos-Mesh.

Users of Chaos-Mesh are recommended to upgrade Chaos-Mesh to the fixed version
– 2.7.3, as soon as possible. If you are unable to upgrade your Chaos-Mesh
version, see our “Workarounds” section below. Some infrastructures that use
Chaos-Mesh are also affected by these vulnerabilities, for example Azure Chaos
Studio. In this technical blogpost, we will delve deeper into the inner
workings of the Chaos-Mesh platform and explain the issues that led to these
vulnerabilities.

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

Profile picture
blackhatnews.tokyo @blackhatnews.tokyo
Chaos-Meshの重大なCVEによりクラスタ内コード実行が可能に Chaos-Meshプラットフォームに複数のCVEが発見されており、その中には、デフォルト設定でもクラスタ内の攻撃者が任意のPod上でコードを実行できる3つの重大な脆弱性が含まれています。 JFrogセキュリティリサーチによる新たな調査によると、これらの脆弱性はCVE-2025-59358、CVE-2025-59360、CVE-2025-59361、CVE-2025-59359として追跡されています。これらはChaos Controller…
  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-59358

Overview

  • github.com/chaos-mesh/chaos-mesh
15 Sep 2025
Published
15 Sep 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.03%
KEV

Description

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.

Statistics

  • 2 Posts
Last activity: 18 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Chaotic Deputy: Critical vulnerabilities in Chaos Mesh lead to Kubernetes
cluster takeover
jfrog.com/blog/chaotic-deputy-

JFrog Security Research recently discovered and disclosed multiple CVEs in the
highly popular Chaos engineering platform – Chaos-Mesh. The discovered CVEs,
which we’ve named Chaotic Deputy are CVE-2025-59358, CVE-2025-59360,
CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are
critical severity (CVSS 9.8) vulnerabilities which can be easily exploited by
in-cluster attackers to run arbitrary code on any pod in the cluster, even in
the default configuration of Chaos-Mesh.

Users of Chaos-Mesh are recommended to upgrade Chaos-Mesh to the fixed version
– 2.7.3, as soon as possible. If you are unable to upgrade your Chaos-Mesh
version, see our “Workarounds” section below. Some infrastructures that use
Chaos-Mesh are also affected by these vulnerabilities, for example Azure Chaos
Studio. In this technical blogpost, we will delve deeper into the inner
workings of the Chaos-Mesh platform and explain the issues that led to these
vulnerabilities.

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

Profile picture
blackhatnews.tokyo @blackhatnews.tokyo
Chaos-Meshの重大なCVEによりクラスタ内コード実行が可能に Chaos-Meshプラットフォームに複数のCVEが発見されており、その中には、デフォルト設定でもクラスタ内の攻撃者が任意のPod上でコードを実行できる3つの重大な脆弱性が含まれています。 JFrogセキュリティリサーチによる新たな調査によると、これらの脆弱性はCVE-2025-59358、CVE-2025-59360、CVE-2025-59361、CVE-2025-59359として追跡されています。これらはChaos Controller…
  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-59360

Overview

  • github.com/chaos-mesh/chaos-mesh
15 Sep 2025
Published
15 Sep 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
0.48%
KEV

Description

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

Statistics

  • 2 Posts
Last activity: 18 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Chaotic Deputy: Critical vulnerabilities in Chaos Mesh lead to Kubernetes
cluster takeover
jfrog.com/blog/chaotic-deputy-

JFrog Security Research recently discovered and disclosed multiple CVEs in the
highly popular Chaos engineering platform – Chaos-Mesh. The discovered CVEs,
which we’ve named Chaotic Deputy are CVE-2025-59358, CVE-2025-59360,
CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are
critical severity (CVSS 9.8) vulnerabilities which can be easily exploited by
in-cluster attackers to run arbitrary code on any pod in the cluster, even in
the default configuration of Chaos-Mesh.

Users of Chaos-Mesh are recommended to upgrade Chaos-Mesh to the fixed version
– 2.7.3, as soon as possible. If you are unable to upgrade your Chaos-Mesh
version, see our “Workarounds” section below. Some infrastructures that use
Chaos-Mesh are also affected by these vulnerabilities, for example Azure Chaos
Studio. In this technical blogpost, we will delve deeper into the inner
workings of the Chaos-Mesh platform and explain the issues that led to these
vulnerabilities.

  • 0
  • 0
  • 0
  • 21h ago

Bluesky

Profile picture
blackhatnews.tokyo @blackhatnews.tokyo
Chaos-Meshの重大なCVEによりクラスタ内コード実行が可能に Chaos-Meshプラットフォームに複数のCVEが発見されており、その中には、デフォルト設定でもクラスタ内の攻撃者が任意のPod上でコードを実行できる3つの重大な脆弱性が含まれています。 JFrogセキュリティリサーチによる新たな調査によると、これらの脆弱性はCVE-2025-59358、CVE-2025-59360、CVE-2025-59361、CVE-2025-59359として追跡されています。これらはChaos Controller…
  • 0
  • 0
  • 0
  • 18h ago

CVE-2025-9447

Overview

  • Dassault Systèmes
  • SOLIDWORKS eDrawings
17 Sep 2025
Published
17 Sep 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 19 hours ago

Fediverse

Profile picture
sp00ky cR0w 🏴 @cR0w

Some SOLIDWORKS CVEs for those that are interested.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 19h ago

CVE-2025-9449

Overview

  • Dassault Systèmes
  • SOLIDWORKS eDrawings
17 Sep 2025
Published
17 Sep 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 19 hours ago

Fediverse

Profile picture
sp00ky cR0w 🏴 @cR0w

Some SOLIDWORKS CVEs for those that are interested.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 19h ago

CVE-2025-9450

Overview

  • Dassault Systèmes
  • SOLIDWORKS eDrawings
17 Sep 2025
Published
17 Sep 2025
Updated
CVSS v3.1
HIGH (7.8)
EPSS
0.02%
KEV

Description

A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 19 hours ago

Fediverse

Profile picture
sp00ky cR0w 🏴 @cR0w

Some SOLIDWORKS CVEs for those that are interested.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 19h ago

CVE-2025-37123

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE Aruba Networking EdgeConnect SD-WAN Gateway
16 Sep 2025
Published
17 Sep 2025
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.17%
KEV

Description

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 19 hours ago

Fediverse

Profile picture
sp00ky cR0w 🏴 @cR0w

Oh there's more.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 19h ago

CVE-2025-37125

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE Aruba Networking EdgeConnect SD-WAN Gateway
16 Sep 2025
Published
17 Sep 2025
Updated
CVSS v3.1
HIGH (7.5)
EPSS
0.03%
KEV

Description

A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 19 hours ago

Fediverse

Profile picture
sp00ky cR0w 🏴 @cR0w

Oh there's more.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 19h ago

CVE-2025-37124

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE Aruba Networking EdgeConnect SD-WAN Gateway
16 Sep 2025
Published
17 Sep 2025
Updated
CVSS v3.1
HIGH (8.6)
EPSS
0.04%
KEV

Description

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 19 hours ago

Fediverse

Profile picture
sp00ky cR0w 🏴 @cR0w

Oh there's more.

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

  • 0
  • 1
  • 0
  • 19h ago

CVE-2025-53770

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016
20 Jul 2025
Published
23 Aug 2025
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
87.76%
KEV

Description

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

Statistics

  • 1 Post
Last activity: 17 hours ago

Bluesky

Profile picture
piggo @pigondrugs.bsky.social
~Sophos~ New ransomware group GOLD SALEM exploits SharePoint vulnerabilities (ToolShell chain) for initial access to deploy Warlock ransomware. - IOCs: CVE-2025-49704, CVE-2025-49706, CVE-2025-53770 - #Ransomware #ThreatIntel #Warlock
  • 0
  • 0
  • 0
  • 17h ago
Showing 31 to 40 of 57 CVEs