Chaos Mesh Critical GraphQL Flaws Enable RCE And Full Kubernetes Cluster Takeover - Cybernoz - Cybersecurity News
6 Articles
The JFrog Security Research team has identified and exposed several critical vulnerabilities in Chaos-Mesh, a widely used testing platform in Kubernetes environments. The vulnerabilities have been summarized under the name "Chaotic Deputy" (CVE-2025-59358, CVE-2025-59359, CVE-2025-59360 and CVE-2025-59361), with the last three having a CVSS rating of 9.8 each. They give attackers with access within the cluster complete control over the environ…
Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover
Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, in the default configuration of the Chaos Controller Manager GraphQL server, a popular open-source chaos engineering platform for Kubernetes. Three of these flaws carry a maximum CVSS 3.1 score of 9.8, enabling any pod in the cluster to run arbitrary commands or inject […]
JFrog security researchers discover four vulnerabilities in the popular testing platform – three of them with CVSS score 9.8. An immediate update to version 2.7.3 is highly recommended. JFrog's security research team has discovered four critical vulnerabilities in Chaos Mesh, a widely used testing platform for Kubernetes environments. The vulnerabilities summarized under the name "Chaotic Deputy" (CVE-2025-59358, CVE-2025-59359, CVE-2025-59360 a…
Chaos-Mesh flaws put Kubernetes clusters at risk of full takeover
Researchers have found critical vulnerabilities in Chaos-Mesh, a popular platform that Kubernetes cluster owners use to simulate the impact of bugs and faults on their deployments. If exploited, the Chaos-Mesh flaws could give attackers who have access to unprivileged pods the ability to execute commands on other pods and even take over the entire cluster. Tracked as CVE-2025-59358, CVE-2025-59360, CVE-2025-59361, and CVE-2025-59359, the flaws h…
Chaos Mesh Critical GraphQL Flaws Enable RCE And Full Kubernetes Cluster Takeover - Cybernoz - Cybersecurity News
Sep 16, 2025 | Ravie Lakshmanan | Vulnerability / Cloud Security. Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. “Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), a…
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. "Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform's fault injections (such as shutting down pods or disrupting network communications), and perform