Multiple CVEs in the Chaos-Mesh platform have been discovered, including three critical vulnerabilities that allow in-cluster attackers to run arbitrary code on any pod, even in the default configuration.
According to new research by JFrog Security Research, the flaws are tracked as CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359. They affect the Chaos Controller Manager and expose a GraphQL debug server that accepts unauthenticated queries.
JFrog’s analysis, published on Tuesday, shows the controller exposes a ClusterIP GraphQL endpoint on port 10082 that, by default, does not enforce authentication for the /query path.
Attackers with network access inside a cluster can call GraphQL mutations to trigger native fault injections, such as killing processes and modifying iptables.
“Platforms such as Chaos-Mesh give, by design, complete control of the Kubernetes cluster to the platform,” said Shachar Menashe, VP of security research at JFrog.
“This flexibility can become a critical risk when vulnerabilities such as Chaotic Deputy are discovered.”
The three critical CVEs (CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359) each have a CVSS score of 9.8 and allow straightforward OS command injection because user input is concatenated directly into shell commands executed via the platform’s ExecBypass routine.
Read more on attacks targeting GraphQL: AI Surge Drives Record 1205% Increase in API Vulnerabilities
How Attackers Can Exploit Chaotic Deputy
The Controller Manager can instruct the Chaos Daemon to run commands on other pods.
Using exposed namespaces under /proc//root and the nsexec helper, an attacker can copy service account tokens from target pods into their own pod, thereby escalating privileges cluster-wide.
Demonstrations include executing a killProcesses mutation against kube-apiserver and copying tokens via a crafted cleanTcs request. Managed offerings that integrate Chaos-Mesh, such as Azure Chaos Studio, may also be affected.
Key affected elements include:
-
Exposed GraphQL /query endpoint on port 10082
-
Command-building in cleanTcs, killProcesses, cleanIptables resolvers
-
Ability to access other pods’ files via /proc based nsexec
Patches, Workarounds and Security Response
Users are urged to upgrade to Chaos-Mesh 2.7.3 immediately.
“We recommend that Chaos-Mesh users upgrade swiftly since these vulnerabilities are extremely easy to exploit and lead to total cluster takeover,” Menashe added.
“We also want to offer our thanks to the Chaos-Mesh maintainers for their rapid response and collaboration in addressing these critical security issues.”
As a temporary workaround, redeploying the Helm chart with the control server disabled will reduce exposure.
The report concludes that while external exploitation requires cluster network access, in-cluster compromises are common enough to make these vulnerabilities highly dangerous and easy to exploit.
