PT-2025-33103 · Helm+1

Jake-Ciolek · Published 2025-08-13 · Updated 2026-04-01 · CVE-2025-55198

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.5
Description: Helm is a package manager for Charts for Kubernetes. Improper type validation when parsing Chart.yaml and index.yaml files can lead to a panic. The issue affects YAML validation in two cases: a Chart.yaml file that has a null maintainer, or a dependencies import-values entry whose child or parent can be parsed as something other than a string. Either case causes helm lint to panic. Additionally, an empty entry in the list of chart versions within an index.yaml can cause Helm to panic.
Recommendations: Update to Helm version 3.18.5 or later. Ensure YAML files are formatted as Helm expects prior to processing them with Helm.
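
The pre-processing check the recommendation describes, as an added example (not Helm's code and not part of this advisory): it takes already-parsed YAML data and reports the three malformed shapes named in the description. The function names `check_chart` and `check_index` and the sample data are constructed; loading the files with a YAML parser of your choice is assumed.

```python
# Added example: type checks on parsed Chart.yaml / index.yaml data (names and samples are constructed).
def _seq(value, where, out):
    """Return value if it is a list; record any other non-null type."""
    if value is None:
        return []
    if not isinstance(value, list):
        out.append(f"{where}: expected list, got {type(value).__name__}")
        return []
    return value

def check_chart(chart):
    """Findings for Chart.yaml: null maintainers, non-string import-values."""
    if not isinstance(chart, dict):
        return [f"Chart.yaml: expected mapping, got {type(chart).__name__}"]
    out = []
    for i, m in enumerate(_seq(chart.get("maintainers"), "maintainers", out)):
        if not isinstance(m, dict):
            out.append(f"maintainers[{i}]: expected mapping, got {type(m).__name__}")
    for i, dep in enumerate(_seq(chart.get("dependencies"), "dependencies", out)):
        if not isinstance(dep, dict):
            out.append(f"dependencies[{i}]: expected mapping, got {type(dep).__name__}")
            continue
        where = f"dependencies[{i}].import-values"
        for j, iv in enumerate(_seq(dep.get("import-values"), where, out)):
            if isinstance(iv, str):
                continue  # short form: a single string
            if not isinstance(iv, dict):
                out.append(f"{where}[{j}]: expected string or mapping, got {type(iv).__name__}")
                continue
            for key in ("child", "parent"):
                if not isinstance(iv.get(key), str):
                    out.append(f"{where}[{j}].{key}: expected string, got {type(iv.get(key)).__name__}")
    return out

def check_index(index):
    """Findings for index.yaml: empty entries in a chart's version list."""
    entries = index.get("entries") if isinstance(index, dict) else None
    if not isinstance(entries, dict):
        return [f"entries: expected mapping, got {type(entries).__name__}"]
    out = []
    for name, versions in entries.items():
        for i, v in enumerate(_seq(versions, f"entries.{name}", out)):
            if not isinstance(v, dict):
                out.append(f"entries.{name}[{i}]: expected mapping, got {type(v).__name__}")
    return out

BAD_CHART = {"maintainers": [None], "dependencies": [{"import-values": [{"child": 1, "parent": ["x"]}, "data"]}]}
BAD_INDEX = {"entries": {"demo": [None, {"version": "0.1.0"}]}}
```

An empty findings list from both functions means none of the three shapes is present; it does not replace updating to 3.18.5 or later.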

Exploit · Fix · DoS · Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

AZL-66315
BDU:2025-11272
BIT-HELM-2025-55198
CLEANSTART-2026-BT39952
CLEANSTART-2026-FB05615
CLEANSTART-2026-LB23787
CLEANSTART-2026-MT27167
CLEANSTART-2026-OS42112
CLEANSTART-2026-PE63912
CVE-2025-55198
ECHO-DAE0-C4A3-662C
GHSA-F9F8-9PMF-XV68
GO-2025-3888
OPENSUSE-SU-2025:15469-1

Affected Products

Helm
Red Os