CVE-2025-53547
BaseFortify

Publication date: 2025-07-08

Last updated on: 2025-09-03

Assigner: GitHub, Inc.

Description
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file together with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file that are carried over to a Chart.lock file when dependencies are updated and this file is written can be crafted so that the same content, placed in a file that is executed (e.g., a bash.rc file or shell script), causes execution. If the Chart.lock file is symlinked to one of these files, updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution because of the symlink. This issue has been resolved in Helm v3.18.4.
Meta Information
Published: 2025-07-08
Last modified: 2025-09-03
Generated: 2026-05-07
AI Q&A: 2025-07-09
EPSS evaluated: 2026-05-05
Affected Vendors & Products (2 associated CPEs)
Vendor   Product   Version / Range
helm     helm      up to 3.17.4 (exclusive)
helm     helm      from 3.18.0 (inclusive) up to 3.18.4 (exclusive)
CWE
CWE ID   Description
CWE-94   The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Helm prior to version 3.18.4 involves specially crafted Chart.yaml and Chart.lock files. When dependencies are updated, fields from Chart.yaml are carried over to Chart.lock. If the Chart.lock file is symlinked to an executable file (like a bash.rc or shell script), updating dependencies will write potentially malicious content to that executable file, leading to local code execution. Helm warns about symlinked files but does not prevent this behavior. The issue was fixed in Helm v3.18.4.


How can this vulnerability impact me?

This vulnerability can lead to local code execution on systems using vulnerable Helm versions. An attacker who can supply a specially crafted Chart.yaml and Chart.lock file can cause arbitrary code to be executed when dependencies are updated, potentially compromising system integrity, confidentiality, and availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking for the presence of symlinked Chart.lock files that point to executable files such as bash.rc or shell scripts. Inspect your Helm charts for Chart.yaml files with unusual or specially crafted fields and verify if the Chart.lock files are symlinked to sensitive executable files. Commands like 'find . -name Chart.lock -type l -ls' can help identify symlinked Chart.lock files. Additionally, reviewing recent Helm dependency update operations and their effects on symlinked files may help detect exploitation attempts.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, upgrade Helm to version 3.18.4 or later where the issue is resolved. Avoid using symlinked Chart.lock files that point to executable files. Additionally, carefully review and sanitize Chart.yaml files before updating dependencies to prevent malicious content from being carried over to Chart.lock files. Monitoring and restricting write permissions on critical executable files can also reduce risk.
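Added example for the detection and mitigation answers above; it is not code from this page or from the Helm project. It extends the single find command into a small POSIX shell audit that lists symlinked Chart.lock files, flags targets that escape the chart directory or look like shell startup files or scripts, and checks whether a Helm version string predates the 3.18.4 fix; the file-name heuristics and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the page or from the Helm project: audit a tree of
# charts for the precondition behind CVE-2025-53547 (a Chart.lock that is a
# symlink, so a dependency update writes lock-file content elsewhere) and check
# whether a Helm version string predates the fixed release 3.18.4. The file-name
# heuristics in suspicious_target are this example's own assumption.

# Print 1 when a Chart.lock symlink target deserves attention: it escapes the
# chart directory (absolute path or a ".." component) or its name looks like a
# shell startup file or script. Print 0 otherwise.
suspicious_target() {
    case "$1" in
        /*|..|../*|*/..|*/../*) echo 1; return ;;
    esac
    case "$(basename "$1")" in
        .*rc|.bash_profile|.profile|*.sh|*.bash|*.zsh) echo 1 ;;
        *) echo 0 ;;
    esac
}

# Print one line per symlinked Chart.lock under $1: "<lock> -> <target> <verdict>".
audit_chart_locks() {
    find "$1" -name Chart.lock -type l | while read -r lock; do
        target=$(readlink "$lock")
        if [ "$(suspicious_target "$target")" -eq 1 ]; then verdict=FLAGGED; else verdict=ok; fi
        printf '%s -> %s %s\n' "$lock" "$target" "$verdict"
    done
}

# Print the number of FLAGGED entries under $1 (0 when there are none).
count_flagged() {
    audit_chart_locks "$1" | grep -c ' FLAGGED$' || true
}

# Succeed (exit 0) when a version string such as "v3.18.3" is below 3.18.4.
helm_version_vulnerable() {
    v=${1#v}
    major=${v%%.*}; rest=${v#*.}
    case "$rest" in *.*) minor=${rest%%.*}; patch=${rest#*.} ;; *) minor=$rest; patch=0 ;; esac
    patch=${patch%%[!0-9]*}   # drop pre-release suffixes such as "-rc1"
    [ "$major" -lt 3 ] && return 0
    [ "$major" -gt 3 ] && return 1
    [ "$minor" -lt 18 ] && return 0
    [ "$minor" -gt 18 ] && return 1
    [ "$patch" -lt 4 ]
}

# Stand-alone use: sh audit.sh --run /path/to/charts
if [ "${1:-}" = "--run" ]; then audit_chart_locks "${2:-.}"; fi
```

A FLAGGED line is a lead to inspect, not proof of exploitation: compare the lock file's target against the chart's git history and confirm the Helm binary that ran the dependency update was 3.18.4 or later.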

