Critical Chaos Mesh Vulnerabilities Could Enable Kubernetes Cluster Takeover

Cybersecurity researchers have disclosed several critical vulnerabilities in Chaos Mesh, an open-source cloud-native Chaos Engineering platform, that could allow attackers to take over Kubernetes clusters.
According to JFrog, an attacker with minimal in-cluster network access can exploit the flaws to execute fault injections, such as shutting down pods or disrupting network communications, and potentially steal privileged service account tokens.
The Vulnerabilities
JFrog highlighted the following critical flaws in the Chaos Controller Manager:
CVE-2025-59358 (CVSS 7.5): Exposes a GraphQL debugging server without authentication, allowing arbitrary process termination and cluster-wide denial-of-service.
CVE-2025-59359 (CVSS 9.8): OS command injection in the cleanTcs mutation.
CVE-2025-59360 (CVSS 9.8): OS command injection in the killProcesses mutation.
CVE-2025-59361 (CVSS 9.8): OS command injection in the cleanIptables mutation.
An attacker can chain these vulnerabilities to achieve remote code execution across the cluster, even under the default configuration of Chaos Mesh.
Root Cause and Risks
The flaws stem from insufficient authentication in the Chaos Controller Manager’s GraphQL server, enabling unauthenticated attackers to run arbitrary commands on the Chaos Daemon. Threat actors could then exfiltrate sensitive data, disrupt services, or move laterally to escalate privileges within the cluster.
Remediation
Following responsible disclosure on May 6, 2025, Chaos Mesh released version 2.7.3 on August 21 to address all identified issues.
Users are advised to:
Update to Chaos Mesh 2.7.3 immediately.
Restrict network traffic to the Chaos Mesh daemon and API server if patching is delayed.
Avoid running Chaos Mesh in open or loosely secured environments.
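As an added, defender-side example (not from the advisory or the Chaos Mesh project), the following Python script inventories Chaos Mesh workloads from `kubectl get deploy,ds,sts -A -o json` and flags any component image tagged below the fixed release 2.7.3. The image path pattern and component names (chaos-mesh, chaos-daemon, chaos-dashboard) are assumptions, and the embedded sample data is constructed.

```python
import json
import re
import subprocess

FIXED = (2, 7, 3)  # first release carrying the fixes, per the advisory
# Assumption (not from the page): component images live under a ".../chaos-mesh/<component>" path.
COMPONENT_RE = re.compile(r"/chaos-mesh/(chaos-mesh|chaos-daemon|chaos-dashboard)(?:[:@]|$)")
TAG_RE = re.compile(r":v?(\d+)\.(\d+)\.(\d+)(?:[-+][\w.]+)?(?:@[\w:]+)?$")  # ":v2.7.2[@sha256:..]"

def classify(image):
    """'vulnerable' below 2.7.3, 'patched' at or above it, 'unknown' when no semver tag (e.g. 'latest')."""
    m = TAG_RE.search(image)
    if not m:
        return "unknown"
    return "vulnerable" if tuple(int(x) for x in m.groups()) < FIXED else "patched"

def find_chaos_mesh_workloads(kubectl_list):
    """Walk a kubectl 'List' of Deployments/DaemonSets/StatefulSets and report Chaos Mesh containers."""
    findings = []
    for item in kubectl_list.get("items", []):
        meta = item.get("metadata", {})
        pod_spec = item.get("spec", {}).get("template", {}).get("spec", {})
        for container in pod_spec.get("containers", []):
            image = container.get("image", "")
            if COMPONENT_RE.search(image):
                findings.append({"namespace": meta.get("namespace"), "name": meta.get("name"),
                                 "image": image, "status": classify(image)})
    return findings

def _workload(kind, ns, name, image):  # minimal workload object for the constructed sample
    return {"kind": kind, "metadata": {"namespace": ns, "name": name},
            "spec": {"template": {"spec": {"containers": [{"name": name, "image": image}]}}}}

# Constructed sample standing in for `kubectl get deploy,ds,sts -A -o json`; not real cluster data.
SAMPLE = {"kind": "List", "items": [
    _workload("Deployment", "chaos-mesh", "chaos-controller-manager", "ghcr.io/chaos-mesh/chaos-mesh:v2.7.2"),
    _workload("DaemonSet", "chaos-mesh", "chaos-daemon", "ghcr.io/chaos-mesh/chaos-daemon:v2.7.3"),
    _workload("Deployment", "chaos-mesh", "chaos-dashboard", "ghcr.io/chaos-mesh/chaos-dashboard:latest"),
    _workload("Deployment", "web", "nginx", "nginx:1.27"),
]}

if __name__ == "__main__":
    try:  # prefer the live cluster; fall back to the constructed sample when kubectl is unavailable
        out = subprocess.check_output(["kubectl", "get", "deploy,ds,sts", "-A", "-o", "json"], text=True)
        data = json.loads(out)
    except (OSError, subprocess.CalledProcessError):
        data = SAMPLE
    for f in find_chaos_mesh_workloads(data):
        print(f"{f['status']:<10} {f['namespace']}/{f['name']}  {f['image']}")
```

Images reported as "unknown" (untagged, `latest`, or digest-only) need a manual check against the running binary's version, since the tag alone cannot prove they are at 2.7.3 or later.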
“Platforms such as Chaos Mesh give complete control of the Kubernetes cluster by design. This flexibility can become a critical risk when vulnerabilities such as Chaotic Deputy are discovered,” said Shachar Menashe, VP of Security Research at JFrog.