Platform: kubernetes
Component: helm
Fixed version: 3.18.5
CVE-2025-53547 affects Helm, a package manager for Kubernetes Charts, prior to version 3.18.4. This vulnerability allows an attacker to achieve local code execution by crafting a malicious Chart.yaml file and linking it with a Chart.lock file during dependency updates. Affected versions include Helm installations equal to or less than 3.18.4. A fix is available in version 3.18.4.
The vulnerability stems from how Helm handles dependencies and updates Chart.lock files. An attacker can create a Chart.yaml file containing malicious content within specific dependency fields. When Helm updates dependencies and writes the Chart.lock file, this content is copied verbatim into the lock file. If Chart.lock is a symlink to a file that is later executed or sourced (such as .bashrc or a shell script), the attacker can trigger arbitrary code execution on the system. This represents a significant risk, potentially allowing attackers to gain control of Kubernetes clusters and the underlying infrastructure. The blast radius extends to any system where the compromised Helm chart is deployed or managed.
This vulnerability was publicly disclosed on 2025-07-08. There is currently no indication of active exploitation in the wild, but the availability of a proof-of-concept could change this. The vulnerability is not currently listed on the CISA KEV catalog. The potential for remote code execution makes this a high-priority vulnerability to address.
Kubernetes administrators and developers using Helm to manage their applications are at risk. Specifically, those using older versions of Helm (≤ 3.18.4) and those who allow untrusted users to contribute to Helm charts are particularly vulnerable. Shared Kubernetes clusters and environments with limited access controls also increase the risk.
• linux / server:
  find /var/lib/helm/charts -name Chart.lock -type f -exec grep -i 'malicious_content' {} +
• linux / server:
  journalctl -u helm -f | grep -i 'dependency update'
• generic web:
  Inspect Helm chart repositories for suspicious Chart.yaml files. Look for unusual characters or commands within the dependencies section.
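The checks above reduce to two questions a defender can ask of every chart directory: is Chart.lock a regular file rather than a symlink, and do the dependency values in Chart.yaml contain characters that have no business in a lock file. The following script is an added example, not code from the advisory or from the Helm project; it assumes POSIX sh with find(1), readlink(1), awk(1) and grep(1), and the path /var/lib/helm/charts is only a placeholder for wherever charts are checked out.

```shell
#!/bin/sh
# Added example: audit a tree of Helm chart directories for the condition
# CVE-2025-53547 relies on, a Chart.lock that is a symbolic link, so that a
# dependency update would write lock-file content into the link target.
# Assumes POSIX sh, find, readlink, awk and grep. Chart root is an assumption.

# Report a single Chart.lock path. Returns 1 (and prints the link target)
# if it is a symlink, 0 if it is a regular file.
check_chart_lock() {
    lock="$1"
    if [ -L "$lock" ]; then
        printf 'SYMLINK %s -> %s\n' "$lock" "$(readlink "$lock")"
        return 1
    fi
    printf 'OK %s\n' "$lock"
    return 0
}

# Report dependency values in a Chart.yaml that carry shell metacharacters.
# Only lines inside the top-level "dependencies:" block are examined.
# Returns 1 if any suspicious value is found, 0 otherwise.
check_chart_yaml() {
    yaml="$1"
    if awk '/^dependencies:/{d=1;next} d&&/^[^ ]/{d=0} d' "$yaml" \
        | grep -qE '[$`;|()]'; then
        printf 'SUSPICIOUS %s\n' "$yaml"
        return 1
    fi
    return 0
}

# Walk a directory tree, checking every chart found. Sets FINDINGS to the
# number of problems seen and returns 0 only when that number is zero.
scan_charts() {
    root="$1"
    FINDINGS=0
    while IFS= read -r yaml; do
        [ -n "$yaml" ] || continue
        dir=$(dirname "$yaml")
        check_chart_yaml "$yaml" || FINDINGS=$((FINDINGS + 1))
        lock="$dir/Chart.lock"
        # -L is needed as well as -e: a dangling symlink fails -e
        if [ -e "$lock" ] || [ -L "$lock" ]; then
            check_chart_lock "$lock" || FINDINGS=$((FINDINGS + 1))
        fi
    done <<EOF
$(find "$root" -name Chart.yaml -type f)
EOF
    [ "$FINDINGS" -eq 0 ]
}

# Usage (placeholder path): scan_charts /var/lib/helm/charts
```

A non-zero exit from scan_charts is a reasonable gate in a CI step that runs before `helm dependency update`, since it is the update that performs the write the advisory describes.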
Exploitation status: disclosure
EPSS: 0.01% (0% percentile)
CISA SSVC:
CVSS vector:
The primary mitigation is to upgrade Helm to version 3.18.4 or later. Before upgrading, assess the potential impact on existing deployments and consider a staged rollout. If an immediate upgrade is not feasible, restrict access to Helm repositories and carefully review any charts before installation. Consider implementing a Web Application Firewall (WAF) or proxy to inspect Helm chart contents for suspicious patterns. Monitor Helm logs for unusual activity, particularly during dependency updates. There are no specific Sigma or YARA rules readily available for this vulnerability, but monitoring for unexpected file modifications in the Chart.lock file location is recommended.
Upgrade Helm to version 3.18.4 or later. This fixes the vulnerability that allows local code execution through manipulation of Chart.yaml and Chart.lock files.
CVE-2025-53547 is a high-severity vulnerability in Helm versions 3.18.4 and earlier that allows for local code execution through crafted Chart.yaml and Chart.lock files during dependency updates.
You are affected if you are using Helm version 3.18.4 or earlier. Check your Helm version and upgrade immediately if necessary.
Upgrade Helm to version 3.18.4 or later to mitigate this vulnerability. Prior to upgrading, test the upgrade in a non-production environment.
There is currently no evidence of active exploitation, but the availability of a proof-of-concept increases the risk.
Refer to the official Helm security advisory for detailed information and updates: https://github.com/helm/helm/security/advisories/GHSA-xxxx-xxxx-xxxx (replace with the actual advisory URL when available)