Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover


Security researchers recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, in the default configuration of the Chaos Controller Manager's GraphQL server in Chaos Mesh, a popular open-source chaos engineering platform for Kubernetes.

Three of these flaws carry a maximum CVSS 3.1 score of 9.8, enabling any pod in the cluster to run arbitrary commands or inject faults in other pods without authentication.

Even unprivileged workloads can exploit these issues to steal service account tokens, escalate privileges, and ultimately take over the entire cluster.

Vulnerability Details and Affected Versions

The four CVEs, collectively dubbed Chaotic Deputy, affect Chaos Mesh versions earlier than 2.7.3. CVE-2025-59358 permits unauthenticated access to the GraphQL playground and query endpoint, leading to denial-of-service and unauthorized fault injections.

The remaining three flaws stem from unsafe command construction in three GraphQL mutations (cleanTcs, killProcesses, and cleanIptables), enabling OS command injection on any targeted pod.

Users of managed services such as Azure Chaos Studio for AKS are also impacted if they rely on affected Chaos Mesh releases.

| CVE ID | Severity | Impact | CVSS 3.1 Score | Description |
|---|---|---|---|---|
| CVE-2025-59358 | High | Unauthenticated GraphQL access, DoS | 7.5 | Missing authentication on GraphQL playground/query |
| CVE-2025-59359 | Critical | OS command injection via cleanTcs | 9.8 | Unsafe string concatenation in cleanTcs resolver |
| CVE-2025-59360 | Critical | OS command injection via killProcesses | 9.8 | Arbitrary kill command construction |
| CVE-2025-59361 | Critical | OS command injection via cleanIptables | 9.8 | Improper sanitization in cleanIptables resolver |

To exploit Chaotic Deputy, an attacker needs in-cluster network access, a scenario common in multi-tenant environments or compromised pods.

Once inside, querying the unprotected GraphQL endpoint on port 10082 reveals the available fault injection mutations.

Attackers can invoke shutdown or network interruption commands to disrupt services or inject shell commands to steal secrets.

For example, a single GraphQL mutation can shut down the Kubernetes API server pod, causing a cluster-wide denial-of-service.

Detection requires verifying the deployed Chaos Mesh image versions and the port the controller manager's control server listens on. Run:

kubectl get pods -A --selector app.kubernetes.io/name=chaos-mesh -o=jsonpath="{range .items[*]}{.metadata.name}{': '}{range .spec.containers[*]}{.image}{', '}{end}{'\n'}{end}"

kubectl describe pod chaos-controller-manager -n chaos-mesh | grep "CTRL_ADDR:"

If the image version is older than 2.7.3 and port 10082 is exposed, your cluster is vulnerable.
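The two checks above can be automated over the command output. The following script is an added example, not part of the original advisory or the Chaos Mesh project: it parses constructed sample output of the two kubectl commands (the pod names and the CTRL_ADDR line format are assumed), flags Chaos Mesh images tagged below 2.7.3, and confirms whether the control server listens on port 10082.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample output of the kubectl jsonpath command above (not from a real cluster).
SAMPLE_IMAGES = """\
chaos-controller-manager-5c9f8d7b6-abcde: ghcr.io/chaos-mesh/chaos-mesh:v2.6.3,
chaos-daemon-x7k2p: ghcr.io/chaos-mesh/chaos-daemon:v2.6.3,
chaos-dashboard-7d4b9c8f5-zyxwv: ghcr.io/chaos-mesh/chaos-dashboard:v2.7.3,
"""
# Constructed sample line from `kubectl describe pod ... | grep "CTRL_ADDR:"` (assumed format).
SAMPLE_CTRL_ADDR = "      CTRL_ADDR:  0.0.0.0:10082"

FIXED = (2, 7, 3)  # first release that enforces auth and fixes the three mutations
CTRL_PORT = 10082  # default GraphQL control-server port named in the advisory

Version = Tuple[int, int, int]

def parse_version(image: str) -> Optional[Version]:
    """Extract (major, minor, patch) from an image tag such as ':v2.6.3' or ':2.7.3'."""
    m = re.search(r":v?(\d+)\.(\d+)\.(\d+)", image)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None

def vulnerable_images(kubectl_output: str) -> List[Tuple[str, str]]:
    """Return (pod, image) pairs running a Chaos Mesh image older than 2.7.3."""
    findings = []
    for line in kubectl_output.splitlines():
        pod, sep, images = line.partition(": ")
        if not sep:
            continue
        for image in (i.strip() for i in images.split(",")):
            if not image or "chaos-mesh" not in image:
                continue  # skip the empty trailing field and non-Chaos-Mesh images
            version = parse_version(image)
            # An untagged or unparseable image cannot be proven fixed, so treat it as suspect.
            if version is None or version < FIXED:
                findings.append((pod, image))
    return findings

def ctrl_server_port(describe_output: str) -> Optional[int]:
    """Pull the listening port out of the controller manager's CTRL_ADDR value."""
    m = re.search(r"CTRL_ADDR:\s*\S*?:(\d+)", describe_output)
    return int(m.group(1)) if m else None

def cluster_exposed(images_out: str, describe_out: str) -> bool:
    """True when a pre-2.7.3 Chaos Mesh image runs and the control server listens on 10082."""
    return bool(vulnerable_images(images_out)) and ctrl_server_port(describe_out) == CTRL_PORT
```

Feed it the real output of the two commands (for example via subprocess) to get a yes/no answer per cluster instead of eyeballing tags.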

The recommended mitigation is immediate upgrade to Chaos Mesh 2.7.3, where authentication is enforced and unsafe command concatenations are fixed.

For environments where upgrading is not yet feasible, re-deploy Chaos Mesh with the control server disabled:

helm install chaos-mesh chaos-mesh/chaos-mesh -n=chaos-mesh \
  --version 2.7.x --set enableCtrlServer=false

This disables the GraphQL server and prevents external fault injections until you can apply the official patch.

Continuous monitoring for anomalous GraphQL requests and restricting network access to the controller service further reduces risk.

Chaotic Deputy highlights the inherent danger of exposing powerful fault injection interfaces without proper safeguards.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.