Top Highlights
- Vulnerability Discovery: JFrog researchers uncovered four critical vulnerabilities, dubbed "Chaotic Deputy," in Chaos Mesh that allow attackers to potentially take over entire Kubernetes clusters.
- Critical Security Risks: Three of these vulnerabilities (CVE-2025-59360, CVE-2025-59361, CVE-2025-59359) enable command injection, granting attackers the ability to execute arbitrary OS commands across pods, thereby escalating their privileges.
- Patch Available: JFrog reported these issues, leading to a software repair (version 2.7.3) released on August 21; organizations using Chaos Mesh are urged to update immediately.
- Target for Attackers: Chaos engineering tools like Chaos Mesh, designed for fault injection, can also present high-value targets for adversaries due to their inherent access to entire Kubernetes clusters.
Chaos engineering platforms, which organizations use to introduce controlled failures and test system resilience, can be broken into and used to carry out real-world attacks.
Such is the case with a set of four serious vulnerabilities that researchers at JFrog recently discovered in Chaos Mesh that give attackers a way to take over entire Kubernetes clusters.
Chaotic Deputy Vulnerabilities
Chaos Mesh lets organizations inject fault scenarios into Kubernetes environments to test the robustness of pods, networks, and other components and to help identify potential weak spots. The cloud-native, open source platform is an incubating project within the Cloud Native Computing Foundation (CNCF), a designation that signals its adoption, stability, and readiness for production environments.
JFrog decided to investigate Chaos Mesh because of its ability to simulate faults across entire Kubernetes clusters. The company’s analysis focused on a component called Chaos Controller Manager, which handles the scheduling and execution of chaos experiments. The component includes different controllers, like a Workflow Controller, Scheduler Controller, and other fault-specific controllers, that work together to run and manage chaos experiments. The complexity of Chaos Controller Manager and the fact that it lacked any official documentation on how it worked in turn prompted JFrog researchers to inspect it for vulnerabilities.
Their analysis unearthed not just one, but four separate vulnerabilities, which they have collectively dubbed “Chaotic Deputy.”
JFrog assessed three of the vulnerabilities — CVE-2025-59360, CVE-2025-59361, and CVE-2025-59359 — as critical (CVSS 9.8). All three are command injection flaws that allow an attacker with initial access to a Kubernetes cluster to execute arbitrary OS commands on any pod within the cluster. The security vendor found that the flaws facilitate access to Kubernetes service tokens across multiple pods, which an attacker — even someone running within an unprivileged pod — could then use to escalate privileges and potentially take over an entire Kubernetes cluster. JFrog tied the vulnerabilities to cleanTcs (a fault injection for testing system resiliency) that did not properly sanitize user input.
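The article describes the three critical flaws as command injection caused by a fault-injection routine that passed unsanitized user input to OS commands. The following Go snippet is an added, constructed illustration of that vulnerability class and its standard fix; it is not Chaos Mesh source code, and the function names, the `tc` cleanup command and the interface-name field are hypothetical stand-ins for whatever the real component executes.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// vulnerableCleanupCommand models the bug class named in the article:
// an attacker-controlled field from an experiment spec is interpolated into a
// single shell string. Anything the shell treats as a metacharacter (';', '|',
// '$(...)', backticks) becomes part of the command that runs inside the pod.
// Constructed example; not the project's actual code.
func vulnerableCleanupCommand(device string) []string {
	return []string{"sh", "-c", fmt.Sprintf("tc qdisc del dev %s root", device)}
}

// ifaceName is a strict allowlist for Linux interface names (max 15 chars,
// no whitespace or shell metacharacters).
var ifaceName = regexp.MustCompile(`^[A-Za-z0-9_.-]{1,15}$`)

// safeCleanupCommand is the hardened form: validate the field against an
// allowlist, then pass every token as its own argv element so no shell ever
// parses the untrusted value. exec.Command(argv[0], argv[1:]...) would run it.
func safeCleanupCommand(device string) ([]string, error) {
	if !ifaceName.MatchString(device) {
		return nil, fmt.Errorf("invalid interface name %q", device)
	}
	return []string{"tc", "qdisc", "del", "dev", device, "root"}, nil
}

// containsShellMeta is a review/unit-test guard: it reports whether any argv
// element destined for "sh -c" carries characters that would let the shell
// split it into additional commands.
func containsShellMeta(argv []string) bool {
	for _, a := range argv {
		if strings.ContainsAny(a, ";|&$`\n") {
			return true
		}
	}
	return false
}

func main() {
	// Constructed hostile input: a valid device name followed by a second command.
	hostile := "eth0; id"

	fmt.Println("vulnerable argv:", vulnerableCleanupCommand(hostile))
	fmt.Println("shell metacharacters present:", containsShellMeta(vulnerableCleanupCommand(hostile)))

	if _, err := safeCleanupCommand(hostile); err != nil {
		fmt.Println("hardened version rejected input:", err)
	}
	argv, _ := safeCleanupCommand("eth0")
	fmt.Println("hardened argv:", argv)
}
```

The design point is the one the article's fix implies: input validation alone is fragile, and building the command as an argument vector (never through `sh -c`) removes the shell as an interpreter of untrusted data. Pairing both, as above, gives defence in depth.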
The other Chaotic Deputy vulnerability that JFrog discovered — CVE-2025-59358 (CVSS 7.5) — is relatively less severe and enables an attacker to trigger a denial-of-service condition across an entire cluster.
A Very Attractive Target
“Platforms such as Chaos Mesh give, by design, dangerous API privileges to certain pods that in cases of abuse can gain complete control of the Kubernetes cluster,” JFrog application security researcher Natan Nehorai wrote in JFrog’s advisory. “This potential abuse can become a critical risk when vulnerabilities such as Chaotic Deputy are discovered.”
JFrog reported the vulnerabilities to the Chaos Mesh development team in early May and a repaired software version (2.7.3) became available Aug. 21. JFrog recommends that organizations using the technology upgrade to the new version as soon as possible. The security vendor’s advisory contains a workaround for those that cannot do so immediately.
Chaos Mesh is one of several chaos engineering tools that let organizations safely break their systems to test resilience. Other options such as LitmusChaos and Gremlin also allow organizations to do the same thing by simulating pod failures, network disruptions, and resource stress.
The goal in using these tools is to spot hidden security weaknesses and test recovery plans in a proactive and controlled manner. But they can also be attractive to adversaries looking for a way into a target network. “The problem with chaos engineering platforms is that, by design, they have access to the entire cluster, at least for fault injection,” Shachar Menashe, vice president of security research at JFrog, says in comments to Dark Reading. “So, they are in fact a very high value target for attackers.”
JFrog is in the process of disclosing similar flaws in other chaos engineering platforms and will publish information after the coordinated disclosure process ends, Menashe says.
The Chaotic Deputy flaws that JFrog reported to Chaos Mesh require attackers to have prior access to a Kubernetes cluster. But such access happens pretty commonly, Menashe says. Attackers can usually gain a foothold since there are WAN-facing pods in a Kubernetes cluster. “These pods can be susceptible to [remote code execution] or [server side request forgery] vulnerabilities, which would give attackers a foothold in the cluster,” he says. “The recommendation is to monitor the security of WAN-facing pods much more closely,” using SCA and SAST analysis and penetration testing.
When procuring a chaos engineering platform, it’s a good idea to look at its supplied API. It’s also wise to ensure the platform doesn’t support running code on arbitrary pods as a feature. Instead, Menashe says, any fault injection for testing system resilience should only produce a denial-of-service condition.