Overview

  • github.com/chaos-mesh/chaos-mesh

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.48%

KEV

Description

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

Statistics

  • 2 Posts

Last activity: 18 hours ago

Fediverse

Chaotic Deputy: Critical vulnerabilities in Chaos Mesh lead to Kubernetes
cluster takeover
jfrog.com/blog/chaotic-deputy-

JFrog Security Research recently discovered and disclosed multiple CVEs in the
highly popular Chaos engineering platform – Chaos-Mesh. The discovered CVEs,
which we’ve named Chaotic Deputy, are CVE-2025-59358, CVE-2025-59360,
CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are
critical severity (CVSS 9.8) vulnerabilities which can be easily exploited by
in-cluster attackers to run arbitrary code on any pod in the cluster, even in
the default configuration of Chaos-Mesh.

Users of Chaos-Mesh are recommended to upgrade Chaos-Mesh to the fixed version
– 2.7.3, as soon as possible. If you are unable to upgrade your Chaos-Mesh
version, see our “Workarounds” section below. Some infrastructures that use
Chaos-Mesh are also affected by these vulnerabilities, for example Azure Chaos
Studio. In this technical blogpost, we will delve deeper into the inner
workings of the Chaos-Mesh platform and explain the issues that led to these
vulnerabilities.


Bluesky

Critical CVEs in Chaos-Mesh enable in-cluster code execution. Multiple CVEs have been discovered in the Chaos-Mesh platform, among them three critical vulnerabilities that allow an in-cluster attacker to execute code on any Pod, even in the default configuration. According to new research by JFrog Security Research, these vulnerabilities are tracked as CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359. They are in the Chaos Controller…

Overview

  • github.com/chaos-mesh/chaos-mesh

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.03%

KEV

Description

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.

Statistics

  • 2 Posts

Last activity: 18 hours ago


Overview

  • github.com/chaos-mesh/chaos-mesh

15 Sep 2025
Published
15 Sep 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
0.48%

KEV

Description

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

Statistics

  • 2 Posts

Last activity: 18 hours ago


Overview

  • Dassault Systèmes
  • SOLIDWORKS eDrawings

17 Sep 2025
Published
17 Sep 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

An Out-Of-Bounds Read vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Overview

  • Dassault Systèmes
  • SOLIDWORKS eDrawings

17 Sep 2025
Published
17 Sep 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

A Use After Free vulnerability affecting the PAR file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted PAR file.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Overview

  • Dassault Systèmes
  • SOLIDWORKS eDrawings

17 Sep 2025
Published
17 Sep 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
0.02%

KEV

Description

A Use of Uninitialized Variable vulnerability affecting the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025 could allow an attacker to execute arbitrary code while opening a specially crafted JT file.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE Aruba Networking EdgeConnect SD-WAN Gateway

16 Sep 2025
Published
17 Sep 2025
Updated

CVSS v3.1
HIGH (8.8)
EPSS
0.17%

KEV

Description

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE Aruba Networking EdgeConnect SD-WAN Gateway

16 Sep 2025
Published
17 Sep 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.03%

KEV

Description

A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Overview

  • Hewlett Packard Enterprise (HPE)
  • HPE Aruba Networking EdgeConnect SD-WAN Gateway

16 Sep 2025
Published
17 Sep 2025
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.04%

KEV

Description

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 19 hours ago

Overview

  • Microsoft
  • Microsoft SharePoint Enterprise Server 2016

20 Jul 2025
Published
23 Aug 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
87.76%

Description

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

~Sophos~ New ransomware group GOLD SALEM exploits SharePoint vulnerabilities (ToolShell chain) for initial access to deploy Warlock ransomware. - IOCs: CVE-2025-49704, CVE-2025-49706, CVE-2025-53770 - #Ransomware #ThreatIntel #Warlock