PT-2025-28768 · Helm+2

Jake-Ciolek · Published 2025-07-08 · Updated 2026-04-01

CVE-2025-53547
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.4
Description: A specially crafted Chart.yaml file together with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file can be crafted so that their content would execute if written into a file that is executed, such as a bash.rc file or a shell script. If the Chart.lock file is a symlink to one of these files, updating dependencies writes the lock file content through the symlink into the target file, leading to unwanted execution. The issue is triggered when dependencies are updated, for example when helm dependency update is run.
Recommendations: For Helm versions prior to 3.18.4, ensure the Chart.lock file in a chart is not a symlink prior to updating dependencies. Update to Helm v3.18.4 to resolve the issue.
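A pre-flight guard for the recommendation above, as an added example that is not Helm's own code: it refuses to run helm dependency update when Chart.lock in the given chart directory is a symlink (or anything other than a regular file). It assumes the chart directory is passed as the first argument and that helm is on PATH.

```shell
#!/bin/sh
# Guard for CVE-2025-53547 on Helm < 3.18.4: before Helm 3.18.4, updating
# dependencies writes Chart.lock content through a symlink to its target.

# chart_lock_is_safe DIR
# Returns 0 when DIR/Chart.lock is absent or a regular file, 1 otherwise.
chart_lock_is_safe() {
  lock="$1/Chart.lock"
  if [ -L "$lock" ]; then
    # -L is checked first: -f would follow the link and report the target.
    printf 'refusing: %s is a symlink -> %s\n' "$lock" "$(readlink "$lock")" >&2
    return 1
  fi
  if [ -e "$lock" ] && ! [ -f "$lock" ]; then
    printf 'refusing: %s is not a regular file\n' "$lock" >&2
    return 1
  fi
  return 0
}

# safe_helm_dep_update DIR
# Runs helm dependency update only when the guard passes.
safe_helm_dep_update() {
  chart_lock_is_safe "$1" || return 1
  helm dependency update "$1"
}

# Usage: sh guard.sh path/to/chart  (hypothetical script name)
if [ $# -gt 0 ]; then
  safe_helm_dep_update "$1"
fi
```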

Exploit

Fix

LPE

Code Injection

Weakness Enumeration

Related Identifiers

AZL-64877
BDU:2025-10843
BIT-HELM-2025-53547
CLEANSTART-2026-BT39952
CLEANSTART-2026-FB05615
CLEANSTART-2026-LB23787
CLEANSTART-2026-MT27167
CLEANSTART-2026-OS42112
CLEANSTART-2026-PE63912
CVE-2025-53547
ECHO-E296-545C-BE59
GHSA-557J-XG8C-Q2MM
GO-2025-3802
OPENSUSE-SU-2025:15331-1
OPENSUSE-SU-2025:15336-1
OPENSUSE-SU-2025:15338-1
OPENSUSE-SU-2025:15341-1
OPENSUSE-SU-2025:15405-1
OPENSUSE-SU-2025:15406-1
OPENSUSE-SU-2025:15779-1
OPENSUSE-SU-2025:20117-1
OPENSUSE-SU-2026:20798-1
SUSE-SU-2025:20516-1
SUSE-SU-2025:20595-1
SUSE-SU-2025:4190-1

Affected Products

Helm
Red Os
Suse