CVE-2025-55198

Medium CVSS: 6.5

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.

Vendor

Helm

Product

Helm

CWE

CWE-908

Yayın Tarihi

2025-08-14 00:15:26

Güncelleme

2025-08-21 21:28:21

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-908 Helm MEDIUM Helm 2025

Referanslar

https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6 https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68

Benzer Kayıtlar

Medium

CVE-2025-55199

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file…

High

CVE-2025-53547

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a s…

Medium

CVE-2025-32386

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly…

Medium

CVE-2025-32387

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nest…