CVE-2025-59361 is a critical OS command injection vulnerability in the Chaos Controller Manager component of Chaos Mesh, specifically in the GraphQL cleanIptables mutation used to clean up iptables rules after network chaos experiments. The vulnerable code path concatenates attacker-controlled input into a shell command of the form "iptables -F <chain>" and passes it for execution without proper sanitization or validation. Because shell metacharacters are not safely handled, an attacker able to supply the chain parameter can inject arbitrary commands. Public reporting indicates this mutation is reachable through the controller's GraphQL server, and in default vulnerable deployments that server was exposed on an unauthenticated /query endpoint within the cluster. In conjunction with CVE-2025-59358, this flaw can be used by an unauthenticated attacker with in-cluster network access to execute arbitrary commands across the Kubernetes cluster.
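As an added illustration (not Chaos Mesh's own code), the following Go snippet shows the hardened shape of the flush path described above: the chain name is checked against a strict allow-list and then passed to iptables as a single argv element, never spliced into an "sh -c" string. The function names, the regex and the sample inputs are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
)

// Allow-list for chain names: iptables itself rejects names longer than 28
// characters, and no legitimate chain contains spaces, ';', '|', '$' or '`'.
var chainNamePattern = regexp.MustCompile(`^[A-Za-z0-9_-]{1,28}$`)

// ErrBadChainName is returned for any value that fails the allow-list.
var ErrBadChainName = errors.New("invalid iptables chain name")

// ValidateChainName is the input check the vulnerable path lacked.
func ValidateChainName(chain string) error {
	if !chainNamePattern.MatchString(chain) {
		return ErrBadChainName
	}
	return nil
}

// CleanIptablesArgv builds argv for "iptables -F <chain>": program and flag are
// fixed, and the chain is a single argv element, never part of a shell string.
func CleanIptablesArgv(chain string) ([]string, error) {
	if err := ValidateChainName(chain); err != nil {
		return nil, err
	}
	return []string{"iptables", "-F", chain}, nil
}

// RunCleanIptables executes the flush directly, without "sh -c", so the chain
// value can only ever reach iptables as a literal argument.
func RunCleanIptables(chain string) error {
	argv, err := CleanIptablesArgv(chain)
	if err != nil {
		return err
	}
	if out, err := exec.Command(argv[0], argv[1:]...).CombinedOutput(); err != nil {
		return fmt.Errorf("%v failed: %w: %s", argv, err, out)
	}
	return nil
}

func main() { // constructed inputs: one valid chain, two that must be rejected
	for _, c := range []string{"CHAOS-INPUT", "INPUT;", "a b"} {
		argv, err := CleanIptablesArgv(c)
		fmt.Printf("%q -> argv=%q err=%v\n", c, argv, err)
	}
}
```

The validation runs before any process is spawned, so a rejected value never reaches exec at all; the same pattern applies to any other GraphQL argument that ends up in a command line.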
No public exploit code observed for this vulnerability.
One of four serious Chaos Mesh vulnerabilities in the Chaos Controller Manager GraphQL server caused by inadequate authentication, contributing to potential Kubernetes cluster takeover.
A critical OS command injection vulnerability in Chaos-Mesh that allows in-cluster attackers to inject arbitrary shell commands through GraphQL fault-injection mutations, enabling arbitrary code execution on any pod and facilitating service account token theft and full cluster takeover.
A critical OS command injection vulnerability in Chaos Mesh's Chaos Controller Manager cleanIptables mutation that can enable remote code execution in Kubernetes environments.