CVE-2025-59360: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Critical
Published: Mon Sep 15 2025 (09/15/2025, 11:40:52 UTC)
Source: CVE Database V5

Description

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

AI-Powered Analysis

Last updated: 09/15/2025, 11:47:41 UTC

Technical Analysis

CVE-2025-59360 is a critical vulnerability classified under CWE-78, which pertains to improper neutralization of special elements used in OS commands, commonly known as OS command injection. This vulnerability exists in the killProcesses mutation of the Chaos Controller Manager, a component likely used in container orchestration or cluster management environments. The flaw allows an attacker to inject arbitrary OS commands due to insufficient input sanitization or validation before executing system-level commands. When combined with CVE-2025-59358, this vulnerability enables unauthenticated attackers within the cluster to achieve remote code execution (RCE) across the entire cluster. The CVSS v3.1 score of 9.8 reflects the critical nature of this vulnerability, highlighting that it requires no privileges (PR:N), no user interaction (UI:N), and can be exploited remotely over the network (AV:N). The impact on confidentiality, integrity, and availability is high, as attackers can execute arbitrary commands, potentially leading to full system compromise, data exfiltration, or disruption of services. The vulnerability affects version 0 of the Chaos Controller Manager, indicating it may be present in initial or early releases of the software. No patches are currently linked, and no known exploits in the wild have been reported yet, but the severity and ease of exploitation make it a significant threat to environments using this software.

Potential Impact

For European organizations, especially those relying on Kubernetes or similar container orchestration platforms that integrate the Chaos Controller Manager, this vulnerability poses a severe risk. Successful exploitation could lead to widespread compromise of container clusters, resulting in unauthorized access to sensitive data, disruption of critical services, and potential lateral movement within enterprise networks. Given the increasing adoption of cloud-native technologies and microservices architectures across Europe, organizations in sectors such as finance, healthcare, telecommunications, and government are particularly vulnerable. The ability for unauthenticated attackers to execute arbitrary commands without user interaction amplifies the threat, potentially allowing attackers to bypass traditional perimeter defenses. The impact extends beyond individual organizations to supply chains and service providers hosting multi-tenant environments, increasing the risk of cascading failures or breaches affecting multiple customers.

Mitigation Recommendations

Immediate mitigation steps include isolating and restricting access to the Chaos Controller Manager component within clusters, employing network segmentation to limit exposure, and monitoring for unusual command execution patterns or anomalous cluster behavior. Organizations should prioritize deploying patches or updates once available from the vendor or maintainers of the Chaos Controller Manager. In the absence of official patches, applying temporary workarounds such as disabling the killProcesses mutation or restricting its invocation to trusted users or service accounts can reduce risk. Implementing strict input validation and sanitization at the application layer, along with runtime security controls like container runtime security tools and behavior anomaly detection, can help detect and prevent exploitation attempts. Additionally, enforcing the principle of least privilege for cluster components and regularly auditing cluster configurations will further reduce the attack surface. Finally, organizations should prepare incident response plans specific to container and cluster compromises to enable rapid containment and remediation.
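The input-validation point above, as an added Go example; it is not code from Chaos Controller Manager, and the page does not show the killProcesses resolver. It assumes the mutation receives process IDs as strings; the function names `unsafeKillCommand` and `safeKillArgv` are hypothetical, and nothing here executes a command.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// unsafeKillCommand shows the CWE-78 pattern: request strings are joined into
// one command line that /bin/sh will parse, metacharacters included.
func unsafeKillCommand(pids []string) []string {
	return []string{"/bin/sh", "-c", "kill " + strings.Join(pids, " ")}
}

// safeKillArgv accepts only decimal PIDs and returns an argv meant for
// exec.Command(argv[0], argv[1:]...), so no shell ever sees the input.
func safeKillArgv(pids []string) ([]string, error) {
	if len(pids) == 0 {
		return nil, fmt.Errorf("no pids supplied")
	}
	argv := []string{"kill", "-s", "TERM"}
	for _, p := range pids {
		n, err := strconv.ParseUint(p, 10, 31) // rejects signs, spaces, ';', '$('
		if err != nil || n == 0 {
			return nil, fmt.Errorf("rejected pid %q", p)
		}
		argv = append(argv, strconv.FormatUint(n, 10)) // canonical digits only
	}
	return argv, nil
}

func main() {
	// Constructed input: one valid PID and one value carrying a shell separator.
	input := []string{"4242", "4243; echo injected"}
	fmt.Printf("unsafe: %q\n", unsafeKillCommand(input))
	if _, err := safeKillArgv(input); err != nil {
		fmt.Println("safe:  ", err)
	}
	argv, _ := safeKillArgv([]string{"4242", "007"})
	fmt.Printf("safe:   %q\n", argv)
}
```

Parsing each value as an integer and re-emitting it as digits is an allow-list, so it does not depend on enumerating dangerous characters; passing the result as separate argv elements removes the shell from the path entirely.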

Technical Details

Data Version: 5.1
Assigner Short Name: JFROG
Date Reserved: 2025-09-12T17:59:19.914Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68c7fcb9de24c9cd9e93fa7b

Added to database: 9/15/2025, 11:47:05 AM

Last enriched: 9/15/2025, 11:47:41 AM

Last updated: 9/15/2025, 11:47:41 AM
