Researchers have found critical vulnerabilities in Chaos-Mesh, a popular platform that Kubernetes cluster owners use to simulate the impact of bugs and faults on their deployments. If exploited, the Chaos-Mesh flaws could give attackers who have access to unprivileged pods the ability to execute commands on other pods and even take over the entire cluster.
Tracked as CVE-2025-59358, CVE-2025-59360, CVE-2025-59361, and CVE-2025-59359, the flaws have been collectively dubbed Chaotic Deputy by researchers from security firm JFrog who found them. Three are command injection flaws with critical severity (CVSS 9.8) and can be exploited even in default configurations of Chaos-Mesh.
“Platforms such as Chaos-Mesh give, by design, dangerous API privileges to certain pods that in cases of abuse can gain complete control of the Kubernetes cluster,” the JFrog researchers warned in their report. “This potential abuse can become a critical risk when vulnerabilities such as Chaotic Deputy are discovered.”
Users are advised to upgrade to Chaos-Mesh 2.7.3 or, as a workaround, to disable the chaosctl server and its port through the Helm chart. Managed offerings that ship Chaos-Mesh as part of a cloud provider's Kubernetes service, such as Azure Chaos Studio, are also affected.
Injecting faults for denial of service
Chaos-Mesh was designed to orchestrate fault scenarios that could impact infrastructure and applications. The researchers observed that one core component of Chaos-Mesh, the Controller Manager, exposed a GraphQL server that didn’t enforce authentication for queries.
As a result, an attacker with network access inside the cluster, even from an unprivileged pod, could use the Controller Manager to send commands to the Chaos Daemon component and inject faults.
One built-in command, or “mutation,” called killProcesses can kill processes in other pods, including critical ones such as the Kubernetes storage provisioner or the API server. Killing those leaves the entire cluster in a denial-of-service state.
OS command injection and lateral movement
Some mutations, such as cleanTcs, killProcesses, and cleanIptables, pass their arguments to a shell without sanitization, so shell commands appended to them run against the targeted pods. Attackers can use this OS command injection to move laterally by extracting Service Account Tokens from those pods.
The Chaos Daemon reaches each pod’s filesystem through the /proc/<PID>/root path of the pod’s processes in order to run commands inside them. An attacker in control of the Chaos Daemon can simply iterate over the PIDs of every pod and read their Service Account Tokens, which sit at a fixed path in each pod’s filesystem: /proc/<PID>/root/var/run/secrets/kubernetes.io/serviceaccount/token. With those tokens the attacker can authenticate to the Kubernetes API, for example with kubectl, as the corresponding service accounts and use whatever privileges they hold; a token belonging to a cluster-level account is enough to take over the cluster.
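The token-harvesting step described above, written as a blast-radius audit rather than an attack: run from any process that shares the host PID namespace (as the Chaos Daemon does), it lists which service-account tokens are readable through /proc/<PID>/root, reads the `sub` claim of each token to identify the account, and flags the kube-system ones, which are the tokens that typically lead to cluster takeover. This is an added example, not JFrog's or the Chaos-Mesh project's code. The /proc layout that demo() walks is constructed in a temporary directory, and the tokens planted in it are unsigned stand-ins with the same claim layout as real tokens, not credentials; point find_exposed_tokens() at the real /proc to audit a node.

```python
import base64
import json
import re
import tempfile
from pathlib import Path

# Path of the projected service-account token inside every pod's filesystem.
TOKEN_REL = Path("var/run/secrets/kubernetes.io/serviceaccount/token")


def decode_jwt_claims(token: str) -> dict:
    """Read a JWT's payload without verifying it; we only want to know whose token it is."""
    parts = token.split(".")
    if len(parts) < 2:
        return {}
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        return json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, UnicodeDecodeError):
        return {}


def find_exposed_tokens(proc_root="/proc") -> list[dict]:
    """Walk /proc/<PID>/root/... exactly as a host-PID daemon can and report every
    readable service-account token, grouped by the account it belongs to."""
    by_subject: dict[str, dict] = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():
            continue  # /proc/self, /proc/sys, ... are not processes
        token_path = entry / "root" / TOKEN_REL
        try:
            token = token_path.read_text().strip()
        except OSError:
            continue  # no token, no access to the root link, or the process exited mid-walk
        subject = decode_jwt_claims(token).get("sub", "")
        match = re.fullmatch(r"system:serviceaccount:([^:]+):(.+)", subject)
        if not match:
            continue
        namespace, name = match.groups()
        rec = by_subject.setdefault(subject, {
            "namespace": namespace,
            "service_account": name,
            "pids": [],
            # kube-system accounts are the ones whose tokens usually mean cluster takeover.
            "high_value": namespace == "kube-system",
        })
        rec["pids"].append(int(entry.name))
    for rec in by_subject.values():
        rec["pids"].sort()
    # High-value accounts first, then by namespace and name.
    return sorted(by_subject.values(),
                  key=lambda r: (not r["high_value"], r["namespace"], r["service_account"]))


def _b64url(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def fake_token(namespace: str, name: str) -> str:
    """Constructed, unsigned JWT with the claim layout of a real SA token (not a credential)."""
    header = _b64url({"alg": "none", "typ": "JWT"})
    payload = _b64url({"iss": "kubernetes/serviceaccount",
                       "sub": f"system:serviceaccount:{namespace}:{name}"})
    return f"{header}.{payload}."


def build_fake_proc(base: Path) -> None:
    """Constructed /proc layout: two PIDs from one kube-system pod, one PID from an app
    pod, one plain host process without a token, and a non-PID entry that must be skipped."""
    layout = {
        "1234": ("kube-system", "storage-provisioner"),
        "1235": ("kube-system", "storage-provisioner"),  # second process in the same pod
        "2001": ("default", "web"),
        "3000": None,
        "self": None,
    }
    for name, account in layout.items():
        root = base / name / "root"
        root.mkdir(parents=True)
        if account:
            token_path = root / TOKEN_REL
            token_path.parent.mkdir(parents=True)
            token_path.write_text(fake_token(*account) + "\n")


def demo() -> list[dict]:
    """Run the audit against the constructed tree instead of the real /proc."""
    with tempfile.TemporaryDirectory() as tmp:
        build_fake_proc(Path(tmp))
        return find_exposed_tokens(tmp)


if __name__ == "__main__":
    for rec in demo():
        flag = "HIGH VALUE" if rec["high_value"] else "-"
        print(f"{flag:10} {rec['namespace']}/{rec['service_account']} via pids {rec['pids']}")
```

The `sub` claim is used because both legacy and bound service-account tokens carry the account as `system:serviceaccount:<namespace>:<name>` there, and the signature is deliberately not checked: the point of the audit is reach, not validity. Two processes of the same pod resolve to the same account, which is why results are grouped by subject rather than by PID.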
“We recommend Chaos-Mesh users to upgrade swiftly since these vulnerabilities are extremely easy to exploit and lead to total cluster takeover while having only cluster network access,” the researchers said.