Chaos Mesh Vulnerabilities Enable Kubernetes Cluster Takeover
Summary
Multiple critical vulnerabilities in Chaos Mesh, an open-source cloud-native Chaos Engineering platform, could enable remote code execution and full Kubernetes cluster takeover. The flaws, collectively named Chaotic Deputy, allow attackers with minimal in-cluster network access to execute arbitrary commands, steal tokens, and disrupt services. The issues stem from insufficient authentication in the Chaos Controller Manager's GraphQL server. Exploitation could lead to data exfiltration, service disruption, and lateral movement within the cluster. All vulnerabilities were patched in Chaos Mesh version 2.7.3, released on August 21, 2025. Chaos Mesh is an incubating project within the Cloud Native Computing Foundation (CNCF). The vulnerabilities were discovered by researchers at JFrog, who found that the flaws could facilitate access to Kubernetes service tokens across multiple pods, enabling privilege escalation and potential cluster takeover. The vulnerabilities are tied to the cleanTcs fault injection mechanism and can be exploited by attackers with initial access to execute arbitrary OS commands on any pod within the cluster.
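The report's remediation is version-based: anything below Chaos Mesh 2.7.3 carries the Chaotic Deputy flaws. The following is an added defender-side audit, not code from the report or from the Chaos Mesh project. It walks the JSON that `kubectl get deployments -A -o json` prints, flags every container whose image comes from the Chaos Mesh repository, and reports whether its tag is at or above the fixed release. The image path prefix `chaos-mesh/`, the `v2.7.x` tag format, and the sample deployment JSON are assumptions constructed for the example; digest-pinned or untagged images are reported as "unknown" rather than guessed.

```python
"""Audit Deployments for Chaos Mesh images below the patched release (2.7.3).

Added example; not part of the original report or of the Chaos Mesh project.
Assumptions: upstream images live under a path containing "chaos-mesh/", tags
look like "v2.7.2", and the input is `kubectl get deployments -A -o json`.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = (2, 7, 3)   # version named in the report as containing the fix
IMAGE_MARKER = "chaos-mesh/"  # assumption: repository path used by upstream images
TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(image: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) parsed from an image tag, or None.

    None means the image is digest-pinned, untagged, or carries a tag that is
    not a semantic version; such images must be checked by hand.
    """
    repo_and_tag = image.split("@", 1)[0]          # drop any @sha256:... digest
    last_segment = repo_and_tag.rsplit("/", 1)[-1]  # "chaos-mesh:v2.7.2"
    if ":" not in last_segment:                     # no tag at all
        return None
    tag = repo_and_tag.rsplit(":", 1)[1]
    match = TAG_RE.match(tag)
    if not match:
        return None
    major, minor, patch = (int(g) for g in match.groups())
    return (major, minor, patch)


def is_patched(image: str) -> Optional[bool]:
    """True if the tag is >= 2.7.3, False if older, None if it cannot be told."""
    version = parse_version(image)
    if version is None:
        return None
    return version >= FIXED_VERSION


def audit_deployments(kubectl_json: str) -> List[Dict[str, object]]:
    """Flag every Chaos Mesh container image across all Deployments."""
    findings: List[Dict[str, object]] = []
    for item in json.loads(kubectl_json).get("items", []):
        meta = item["metadata"]
        pod_spec = item["spec"]["template"]["spec"]
        containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
        for container in containers:
            image = container["image"]
            if IMAGE_MARKER not in image:
                continue
            findings.append({
                "namespace": meta["namespace"],
                "deployment": meta["name"],
                "image": image,
                "patched": is_patched(image),  # True / False / None (unknown)
            })
    return findings


# Constructed sample output of `kubectl get deployments -A -o json` (not real data).
SAMPLE_KUBECTL_JSON = json.dumps({
    "items": [
        {"metadata": {"namespace": "chaos-mesh", "name": "chaos-controller-manager"},
         "spec": {"template": {"spec": {"containers": [
             {"name": "chaos-mesh", "image": "ghcr.io/chaos-mesh/chaos-mesh:v2.7.2"}]}}}},
        {"metadata": {"namespace": "chaos-mesh", "name": "chaos-dashboard"},
         "spec": {"template": {"spec": {"containers": [
             {"name": "chaos-dashboard", "image": "ghcr.io/chaos-mesh/chaos-dashboard:v2.7.3"}]}}}},
        {"metadata": {"namespace": "web", "name": "frontend"},
         "spec": {"template": {"spec": {"containers": [
             {"name": "nginx", "image": "nginx:1.27"}]}}}},
    ]
})


def main() -> None:
    for f in audit_deployments(SAMPLE_KUBECTL_JSON):
        state = {True: "patched", False: "VULNERABLE", None: "unknown (check tag by hand)"}[f["patched"]]
        print(f'{f["namespace"]}/{f["deployment"]}: {f["image"]} -> {state}')


if __name__ == "__main__":
    main()
```

Run it against live output with `kubectl get deployments -A -o json | python audit.py` after swapping `SAMPLE_KUBECTL_JSON` for `sys.stdin.read()`; DaemonSets (the chaos-daemon component) need the same walk over `kubectl get daemonsets`, which is a one-line change to the input.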
Timeline
16.09.2025 19:23 · 2 articles
Chaos Mesh vulnerabilities disclosed and patched
On May 6, 2025, multiple critical vulnerabilities in Chaos Mesh were disclosed. These vulnerabilities, collectively named Chaotic Deputy, allow for remote code execution and full Kubernetes cluster takeover. The issues were patched in Chaos Mesh version 2.7.3, released on August 21, 2025. The vulnerabilities are tied to the cleanTcs fault injection mechanism and can be exploited by attackers with initial access to execute arbitrary OS commands on any pod within the cluster. The flaws could facilitate access to Kubernetes service tokens across multiple pods, enabling privilege escalation and potential cluster takeover. The Chaos Controller Manager handles scheduling and execution of chaos experiments, and the vulnerabilities were discovered by researchers at JFrog.
Sources:
- Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover — thehackernews.com — 16.09.2025 19:23
- Critical Bugs in Chaos Mesh Enable Cluster Takeover — www.darkreading.com — 16.09.2025 23:35
Information Snippets
- Chaos Mesh is an open-source cloud-native Chaos Engineering platform. (First reported 16.09.2025 19:23; sources: thehackernews.com, www.darkreading.com)
- The vulnerabilities, collectively named Chaotic Deputy, include four CVEs. (First reported 16.09.2025 19:23; sources: thehackernews.com, www.darkreading.com)
- CVE-2025-59358 (CVSS 7.5) allows killing arbitrary processes in any Kubernetes pod, leading to cluster-wide denial-of-service. (First reported 16.09.2025 19:23; sources: thehackernews.com, www.darkreading.com)
- CVE-2025-59359 (CVSS 9.8), CVE-2025-59360 (CVSS 9.8), and CVE-2025-59361 (CVSS 9.8) involve command injection vulnerabilities in the Chaos Controller Manager. (First reported 16.09.2025 19:23; sources: thehackernews.com, www.darkreading.com)
- An attacker with in-cluster network access can chain these vulnerabilities to perform remote code execution across the cluster. (First reported 16.09.2025 19:23; sources: thehackernews.com, www.darkreading.com)
- The vulnerabilities were patched in Chaos Mesh version 2.7.3, released on August 21, 2025. (First reported 16.09.2025 19:23; sources: thehackernews.com, www.darkreading.com)
- The Chaos Controller Manager in Chaos Mesh handles scheduling and execution of chaos experiments. (First reported 16.09.2025 23:35; source: www.darkreading.com)
- Chaos Mesh is an incubating project within the Cloud Native Computing Foundation (CNCF). (First reported 16.09.2025 23:35; source: www.darkreading.com)
- The vulnerabilities in Chaos Mesh were discovered by researchers at JFrog. (First reported 16.09.2025 23:35; source: www.darkreading.com)
- The vulnerabilities are tied to the cleanTcs fault injection mechanism. (First reported 16.09.2025 23:35; source: www.darkreading.com)
- The vulnerabilities allow attackers with initial access to execute arbitrary OS commands on any pod within the cluster. (First reported 16.09.2025 23:35; source: www.darkreading.com)
- The vulnerabilities can facilitate access to Kubernetes service tokens across multiple pods. (First reported 16.09.2025 23:35; source: www.darkreading.com)
- The vulnerabilities can be exploited to escalate privileges and potentially take over an entire Kubernetes cluster. (First reported 16.09.2025 23:35; source: www.darkreading.com)
- Chaos Mesh is one of several chaos engineering tools that let organizations test resilience by simulating failures and disruptions. (First reported 16.09.2025 23:35; source: www.darkreading.com)
- Attackers can gain a foothold in a Kubernetes cluster through WAN-facing pods susceptible to remote code execution or server-side request forgery vulnerabilities. (First reported 16.09.2025 23:35; source: www.darkreading.com)
Similar Happenings
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS Attacks
The ShadowV2 botnet targets misconfigured Docker containers on Amazon Web Services (AWS) to deploy a Go-based malware, turning infected systems into nodes for a distributed denial-of-service (DDoS) botnet. This botnet is available for rent to conduct DDoS attacks, employing advanced techniques such as HTTP/2 Rapid Reset and bypassing Cloudflare's Under Attack mode. The botnet was detected on June 24, 2025, and is believed to be part of a DDoS-for-Hire service. The botnet uses a Python-based C2 framework hosted on GitHub Codespaces and a Go-based remote access trojan (RAT) for command execution and communication. The malware first spawns a generic setup container from an Ubuntu image, installs necessary tools, and then builds and deploys a live container. This approach may help avoid leaving forensic artifacts on the victim machine. The malware communicates with a C2 server to receive commands and conduct attacks. The botnet's dynamic container deployment allows highly configurable attacks while concealing activity behind cloud-native architecture. The botnet targets 24,000 IP addresses with port 2375 open, though not all are exploitable. The malware sends a heartbeat signal to the C2 server every second and polls for new attack commands every five seconds. The botnet is actively used, with observed commands to launch attacks against at least one website.
Microsoft September 2025 Patch Tuesday addresses 81 vulnerabilities, including two zero-days
Microsoft's September 2025 Patch Tuesday addresses 80 vulnerabilities, including one publicly disclosed flaw and eight critical vulnerabilities. The updates fix a range of issues, including privilege escalation, remote code execution, information disclosure, and denial-of-service vulnerabilities. The patches also cover a critical flaw in Azure Networking and address a new lateral movement technique dubbed BitLockMove. Additionally, security updates have been released by multiple vendors, including Adobe, Cisco, Google, and others. The September 2025 update includes 38 elevation of privilege (EoP) vulnerabilities. The two zero-day vulnerabilities are CVE-2025-55234 in Windows SMB Server and CVE-2024-21907 in Microsoft SQL Server. The SMB vulnerability is exploited through relay attacks, while the SQL Server flaw involves improper handling of exceptional conditions in Newtonsoft.Json. The updates also include hardening features for SMB Server to mitigate relay attacks, with recommendations for administrators to enable auditing to assess compatibility issues. The KB5065429 cumulative update for Windows 10 22H2 and 21H2 includes fourteen fixes or changes, addressing unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. The update enables auditing SMB client compatibility for SMB Server signing and SMB Server EPA, and includes an opt-in feature for administrators to allow outbound network traffic from Windows 10 devices. CVE-2025-55234 is an elevation of privilege vulnerability with a CVSS score of 8.8. CVE-2025-54918 in Windows NT LAN Manager (NTLM) is marked as critical and has a CVSS score of 8.8. CVE-2025-54111 and CVE-2025-54913 are EoP vulnerabilities in Windows UI XAML. CVE-2025-55232 in the Microsoft High Performance Compute (HPC) Pack has a CVSS score of 9.8. CVE-2025-54916 in Windows NTFS has a CVSS score of 7.8 and can be exploited through SMB or local parsing routines. Microsoft has released the final non-security preview update for Windows 10, version 22H2, which includes fixes for the out-of-box experience and SMBv1 protocol connectivity. The update improves the servicing stack, updating Windows 10 22H2 systems to build 19045.6396. The update includes fixes and quality improvements from the KB5065429 cumulative update, enabling support for IT administrators to deploy hardening measures for SMB. The update addresses an issue causing non-admin users to receive unexpected User Account Control (UAC) prompts and fixes delays or uneven audio and video performance issues with Network Device Interface (NDI) streaming. Microsoft will stop providing security updates for Windows 10 after October 14, 2025, and the Extended Security Updates (ESU) program is available for Windows 10 users to delay the switch to Windows 11. Individual customers in the European Economic Area (EEA) can enroll in the ESU program for free.
Critical vulnerabilities in SAP NetWeaver and related products addressed
SAP has released security updates addressing multiple vulnerabilities, including three critical flaws in NetWeaver and a high-severity issue in S/4HANA. The most severe, CVE-2025-42944, allows unauthenticated attackers to execute arbitrary OS commands via an insecure deserialization vulnerability in the RMI-P4 module. The second critical flaw, CVE-2025-42922, enables authenticated attackers to upload arbitrary files, potentially leading to full system compromise. The third critical vulnerability, CVE-2025-42958, allows unauthorized high-privileged users to access sensitive data and administrative functions. Additionally, a high-severity missing input validation bug in SAP S/4HANA (CVE-2025-42916) was patched, which could permit attackers to delete the content of arbitrary database tables. These vulnerabilities affect SAP NetWeaver, the foundation for various business applications like ERP, CRM, SRM, and SCM, widely deployed in large enterprise networks. The RMI-P4 port, used for internal SAP-to-SAP communication, may be exposed to wider networks due to misconfigurations. SAP products are frequent targets for high-value compromises due to their handling of mission-critical data. Earlier this month, a critical code injection vulnerability (CVE-2025-42957) was exploited in S/4HANA, Business One, and NetWeaver products. SAP has also updated security notes for other high-severity vulnerabilities in Business One, Landscape Transformation Replication Server, and S/4HANA.
SAP S/4HANA Command Injection Vulnerability CVE-2025-42957 Exploited in the Wild
A critical command injection vulnerability in SAP S/4HANA, tracked as CVE-2025-42957, is actively exploited in the wild. The flaw allows attackers with low-privileged user access to execute arbitrary ABAP code, potentially leading to full system compromise. The vulnerability affects both on-premise and Private Cloud editions of SAP S/4HANA. The flaw was patched in SAP's August 2025 updates, but exploitation has been observed. SecurityBridge Threat Research Labs, BleepingComputer, and Pathlock have reported active exploitation. Organizations are advised to apply patches, monitor logs for suspicious RFC calls or new admin users, implement SAP's Unified Connectivity framework (UCON) to restrict RFC usage, and take additional security measures to mitigate the risk.
WeepSteel Malware Deployed via Sitecore Zero-Day Exploit
Threat actors have exploited a zero-day vulnerability in Sitecore Experience Manager (XM) and Experience Platform (XP) to deliver WeepSteel malware. The flaw, tracked as CVE-2025-53690, affects versions prior to 9.0 and was exploited using a sample machine key from outdated deployment guides. The attack involved ViewState deserialization, internal reconnaissance, and the deployment of various open-source tools for persistence and lateral movement. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch the vulnerability by September 25, 2025. The vulnerability has a CVSS score of 9.0, indicating critical severity. The vulnerability was addressed by Sitecore, which has provided mitigation guidance and indicators of compromise (IoCs). The attacks were quickly disrupted, but they highlight the risks associated with using default or outdated configuration settings in web applications. The WeepSteel malware, a .NET assembly, enables the harvesting of system, network, and user information, which is then encrypted and exfiltrated to the attackers. The attackers also performed extensive reconnaissance and established multiple methods of persistence, including creating local administrator accounts and using Remote Desktop Protocol (RDP) for access. The flaw is not a bug in ASP.NET itself, but a misconfiguration vulnerability created by reusing publicly documented keys that were never meant for production. The attackers targeted the '/sitecore/blocked.aspx' endpoint, which contains an unauthenticated ViewState field, and achieved RCE under the IIS NETWORK SERVICE account. The malicious payload dropped was WeepSteel, a reconnaissance backdoor that gathers system, process, disk, and network information, disguising its exfiltration as standard ViewState responses. The attackers executed reconnaissance commands including whoami, hostname, tasklist, ipconfig /all, and netstat -ano. They also deployed Earthworm (a network tunneling and reverse SOCKS proxy), Dwagent (a remote access tool), and 7-Zip (for creating archives of stolen data). The attackers escalated privileges by creating local administrator accounts ('asp$', 'sawadmin'), dumping cached credentials, and attempting token impersonation via GoTokenTheft. Persistence was secured by disabling password expiration for these accounts, giving them RDP access, and registering Dwagent as a SYSTEM service. CVE-2025-53690 impacts Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud, up to version 9.0, when deployed using the sample ASP.NET machine key included in pre-2017 documentation. XM Cloud, Content Hub, CDP, Personalize, OrderCloud, Storefront, Send, Discover, Search, and Commerce Server are not impacted. Sitecore published a security bulletin in coordination with Mandiant's report, warning that multi-instance deployments with static machine keys are also at risk. The recommended actions for potentially impacted administrators are to immediately replace all static <machineKey> values in web.config with new, unique keys, and ensure the <machineKey> element inside web.config is encrypted. It is recommended to adopt regular static machine key rotation as an ongoing security measure. The exploitation of CVE-2025-53690 is part of a broader trend of ViewState attacks this year, including vulnerabilities in Gladinet's CentreStack, ConnectWise, and Microsoft SharePoint Server.
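The Sitecore guidance above reduces to two checks on each web.config: is the `<machineKey>` element still carrying static keys, and if so, is the section encrypted? The following is an added configuration audit, not code from Sitecore, Mandiant or the report. It parses web.config, distinguishes auto-generated keys from static ones, treats a section that carries `configProtectionProvider` or an `EncryptedData` child as encrypted (the layout ASP.NET uses for protected sections), and optionally compares static keys against a caller-supplied set of known sample values. The sample key material in the three constructed configs is placeholder text, and the empty `KNOWN_SAMPLE_KEYS` set is a placeholder because the report does not reproduce the documented sample key.

```python
"""Audit an ASP.NET web.config for static or unencrypted <machineKey> values.

Added example; not code from Sitecore, Mandiant or the original report.
Assumptions: the machineKey element sits at configuration/system.web/machineKey,
and a protected section is recognisable by configProtectionProvider or an
EncryptedData child (the shape aspnet_regiis produces).
"""
import xml.etree.ElementTree as ET
from typing import Dict, FrozenSet

# Placeholder: populate with the documented sample key values you want to deny.
# The report does not reproduce them, so none are included here.
KNOWN_SAMPLE_KEYS: FrozenSet[str] = frozenset()


def audit_machine_key(web_config_xml: str,
                      known_sample_keys: FrozenSet[str] = KNOWN_SAMPLE_KEYS) -> Dict[str, bool]:
    """Classify the machineKey section of one web.config.

    Returns flags: present, encrypted, static (hard-coded key material),
    matches_known_sample (static key found in the deny set) and needs_rotation.
    """
    root = ET.fromstring(web_config_xml)
    node = root.find("system.web/machineKey")
    result = {"present": False, "encrypted": False, "static": False,
              "matches_known_sample": False, "needs_rotation": False}
    if node is None:
        return result  # absent element: ASP.NET defaults to AutoGenerate
    result["present"] = True

    # A protected section no longer exposes the key attributes in clear text.
    if node.get("configProtectionProvider") or node.find("EncryptedData") is not None:
        result["encrypted"] = True
        return result

    normalised_deny = {k.upper() for k in known_sample_keys}
    for attr in ("validationKey", "decryptionKey"):
        value = node.get(attr, "AutoGenerate")
        if value.startswith("AutoGenerate"):
            continue  # "AutoGenerate,IsolateApps" and friends are not static
        result["static"] = True
        if value.upper() in normalised_deny:
            result["matches_known_sample"] = True

    # Static clear-text keys are what the guidance says to replace and encrypt.
    result["needs_rotation"] = result["static"]
    return result


# Constructed web.config fragments (placeholder key material, not real keys).
STATIC_CONFIG = """<configuration><system.web>
  <machineKey validationKey="DEADBEEF0000CONSTRUCTED0000"
              decryptionKey="CAFEBABE0000CONSTRUCTED0000"
              validation="SHA1" decryption="AES" />
</system.web></configuration>"""

AUTOGEN_CONFIG = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""

ENCRYPTED_CONFIG = """<configuration><system.web>
  <machineKey configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData>placeholder-ciphertext</EncryptedData>
  </machineKey>
</system.web></configuration>"""


def main() -> None:
    for label, cfg in (("static", STATIC_CONFIG), ("autogen", AUTOGEN_CONFIG),
                       ("encrypted", ENCRYPTED_CONFIG)):
        print(label, audit_machine_key(cfg))


if __name__ == "__main__":
    main()
```

In a farm that needs a shared static key (the multi-instance case the bulletin mentions), `needs_rotation` still fires, which is intended: the guidance is to rotate to fresh unique keys and then encrypt the section, so the audit should only go quiet once the element reads as protected.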