PT-2025-33104 · Helm+1 · Helm+1

Jake-Ciolek · Published 2025-08-13 · Updated 2026-04-20 · CVE-2025-55199

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.5
Description: Helm, a package manager for Kubernetes Charts, is susceptible to a denial-of-service issue. A crafted JSON Schema file can cause Helm to exhaust available memory, leading to an out-of-memory (OOM) termination. This occurs when the $ref field in values.schema.json points to a device or problematic file, such as /dev/zero.
Recommendations: Update Helm versions prior to 3.18.5 to version 3.18.5 or later. Ensure that no Helm chart loaded into Helm contains a $ref pointing to /dev/zero.
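
The recommendation above can be checked before a chart is loaded. This is an added example, not Helm's code or part of the advisory: it walks a chart directory and flags any `$ref` in a `values.schema.json` that resolves to a non-regular file (such as a device) or to a path outside the chart. The function names, the outside-the-chart rule and the sample schema are assumptions constructed here.

```python
import json, os, stat, tempfile
from urllib.parse import urlparse

def iter_refs(node, pointer="#"):
    """Yield (pointer, value) for every string "$ref" anywhere in the schema."""
    if isinstance(node, dict) and isinstance(node.get("$ref"), str):
        yield f"{pointer}/$ref", node["$ref"]
    children = node.items() if isinstance(node, dict) else (
        enumerate(node) if isinstance(node, list) else ())
    for key, val in children:
        yield from iter_refs(val, f"{pointer}/{key}")

def check_ref(ref, chart_dir, schema_dir):
    """Return a reason if ref names a risky local file, else None (assumed policy)."""
    url = urlparse(ref)
    if url.scheme not in ("", "file") or not url.path:
        return None  # fragment-only or non-file $ref: not covered by this check
    # realpath follows symlinks, so a link inside the chart to a device is caught
    target = os.path.realpath(os.path.join(schema_dir, url.path))
    if os.path.exists(target) and not stat.S_ISREG(os.stat(target).st_mode):
        return f"not a regular file: {target}"
    root = os.path.realpath(chart_dir)
    if os.path.commonpath([root, target]) != root:
        return f"resolves outside the chart: {target}"
    return None

def scan_chart(chart_dir):
    """Check every values.schema.json in the chart and its subcharts."""
    findings = []
    for dirpath, _dirs, files in os.walk(chart_dir):
        if "values.schema.json" not in files:
            continue
        with open(os.path.join(dirpath, "values.schema.json"), encoding="utf-8") as fh:
            schema = json.load(fh)
        for pointer, ref in iter_refs(schema):
            if reason := check_ref(ref, chart_dir, dirpath):
                findings.append((pointer, ref, reason))
    return findings

def demo():
    """Scan a constructed chart whose schema holds the $ref named in the advisory."""
    schema = {"properties": {"port": {"$ref": "#/definitions/port"},
                             "image": {"$ref": "/dev/zero"}}}
    with tempfile.TemporaryDirectory() as chart:
        with open(os.path.join(chart, "values.schema.json"), "w") as fh:
            json.dump(schema, fh)
        return scan_chart(chart)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `scan_chart()` at an unpacked chart directory; an empty result means no local `$ref` matched the assumed policy, and upgrading to 3.18.5 or later remains the fix.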

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

AZL-66318
BDU:2025-11274
BIT-HELM-2025-55199
CLEANSTART-2026-BT39952
CLEANSTART-2026-FB05615
CLEANSTART-2026-LB23787
CLEANSTART-2026-MT27167
CLEANSTART-2026-OS42112
CLEANSTART-2026-PE63912
CVE-2025-55199
ECHO-48A3-DCB9-730D
GHSA-9H84-QMV7-982P
GO-2025-3887
OPENSUSE-SU-2025:15469-1
OPENSUSE-SU-2026:10318-1
OPENSUSE-SU-2026:10319-1
OPENSUSE-SU-2026:20655-1
SUSE-SU-2026:1483-1
SUSE-SU-2026:21434-1
SUSE-SU-2026:21461-1
SUSE-SU-2026:21628-1
SUSE-SU-2026:21635-1

Affected Products

Helm
Red Os