Critical Chaos Mesh Flaws Could Allow Kubernetes Cluster Takeover; Patch Released

Cybersecurity researchers have disclosed multiple critical vulnerabilities in Chaos Mesh, the open-source cloud-native chaos engineering platform for Kubernetes, that could enable a cluster takeover if exploited. In a report shared by JFrog, attackers would need only minimal in-cluster network access to trigger the platform’s fault injections – such as shutting down pods or disrupting network communications – and could steal privileged service account tokens.

The researchers said the flaws – collectively dubbed Chaotic Deputy – stem from insufficient authentication on the Chaos Controller Manager's GraphQL server, allowing unauthenticated actors to issue commands to the Chaos Daemon and potentially gain control of the cluster. The disclosure highlights the risk posed by unauthenticated GraphQL access to powerful in-cluster capabilities, which could be leveraged to achieve remote code execution across the Kubernetes environment.

The issues are tracked as four CVEs:
CVE-2025-59358 (CVSS score: 7.5) – The Chaos Controller Manager exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, providing an API to kill arbitrary processes in any pod, potentially causing cluster-wide denial of service.
CVE-2025-59359 (CVSS score: 9.8) – The cleanTcs mutation in Chaos Controller Manager is vulnerable to operating system command injection.
CVE-2025-59360 (CVSS score: 9.8) – The killProcesses mutation in Chaos Controller Manager is vulnerable to operating system command injection.
CVE-2025-59361 (CVSS score: 9.8) – The cleanIptables mutation in Chaos Controller Manager is vulnerable to operating system command injection.

An in-cluster attacker with initial access to the cluster network could chain these vulnerabilities to perform remote code execution across the entire cluster, even when Chaos Mesh is running in its default configuration. The vulnerabilities could enable data exfiltration, disruption of critical services, or lateral movement to escalate privileges.

Chaos Mesh said the flaws stem from insufficient authentication within the GraphQL server, enabling unauthenticated attackers to run arbitrary commands on the Chaos Daemon and potentially achieve cluster takeover. The project's maintainers and the researchers both emphasized the importance of promptly applying the fixes and implementing network controls to mitigate the risk.

Following responsible disclosure on May 6, 2025, Chaos Mesh released version 2.7.3 on August 21, 2025. Administrators are advised to update to the latest release as soon as feasible. If immediate patching is not possible, it is recommended to restrict network traffic to the Chaos Mesh daemon and API server and avoid running Chaos Mesh in open or loosely secured environments.
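As an added illustration of the network-control mitigation (written for this article, not taken from the Chaos Mesh project or the JFrog report), the following Kubernetes NetworkPolicy manifests restrict which pods may reach the Chaos Controller Manager and the Chaos Daemon. The namespace, the component labels and the API_SERVER_CIDR placeholder are assumptions that must be matched to the actual deployment.

```yaml
# Added example for this article; not from Chaos Mesh or the JFrog report.
# Assumptions: Chaos Mesh runs in the "chaos-mesh" namespace, its pods carry
# the app.kubernetes.io/component labels used below, and
# API_SERVER_CIDR is a placeholder for the address range your kube-apiserver
# uses to call the controller manager's admission webhooks.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-chaos-controller-manager
  namespace: chaos-mesh
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: controller-manager
  policyTypes:
    - Ingress
  ingress:
    # The GraphQL server is reachable only from the Chaos Dashboard pods,
    # not from arbitrary workloads elsewhere in the cluster.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/component: chaos-dashboard
    # Keep admission webhooks working: allow the kube-apiserver in.
    - from:
        - ipBlock:
            cidr: API_SERVER_CIDR
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: restrict-chaos-daemon
  namespace: chaos-mesh
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/component: chaos-daemon
  policyTypes:
    - Ingress
  ingress:
    # Only the controller manager may talk to the daemon.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/component: controller-manager
```

Any other legitimate client, such as a metrics scraper, needs its own ingress rule, and the policy is only enforced when the cluster's CNI plugin implements NetworkPolicy.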

For readers seeking additional context, the disclosures and remediation guidance were reported in connection with the JFrog analysis and accompanying advisories. The newer release aims to close the authentication gaps and harden access to the GraphQL server.