CVE-2025-55198
BaseFortify

Publication date: 2025-08-14

Last updated on: 2025-08-21

Assigner: GitHub, Inc.

Description
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.
Meta Information
Generated: 2026-05-27
AI Q&A: 2025-08-14
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Vendor: helm
Product: helm
Version / Range: up to 3.18.5 (excluding)
CWE
CWE-908: The product uses or accesses a resource that has not been initialized.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Helm versions prior to 3.18.5 is caused by improper validation of input types when parsing YAML files like Chart.yaml and index.yaml. Specifically, if certain fields such as maintainer entries or import-values in dependencies are null or not strings as expected, Helm can panic (crash) during processing. Similarly, empty entries in index.yaml can also cause a panic. This happens because Helm does not properly check that the YAML content matches the expected types, leading to runtime errors. [1, 2]


How can this vulnerability impact me?

This vulnerability can cause Helm to panic and crash when processing malformed or improperly typed YAML files, leading to disruption of Helm operations. Since Helm is used to manage Kubernetes charts, this can impact availability by interrupting deployment or management workflows. The vulnerability requires no privileges but does require user interaction and can be triggered over the network with low complexity. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by running Helm commands that parse Chart.yaml and index.yaml files and observing if a panic occurs. Specifically, running `helm lint` on charts with potentially malformed YAML files (e.g., with null maintainer fields or improper types in import-values) can trigger the panic. Checking Helm repository interactions that load index.yaml files with empty entries can also reveal the issue. There are no explicit commands provided, but using `helm lint` on suspect charts is a practical detection method. [2]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Helm to version 3.18.5 or later, where the vulnerability is fixed. As a workaround, ensure that all YAML files (Chart.yaml and index.yaml) strictly conform to Helm's expected formatting, avoiding null or improperly typed fields before processing them with Helm. [2]
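The workaround above (make sure Chart.yaml and index.yaml carry the types Helm expects before Helm reads them) can be enforced with a small pre-flight validator. The following Python is an added example and is not Helm's own code; it checks only the shapes the description names (null maintainer entries, non-string import-values in dependencies, empty or null index entries), and the exact field layout it assumes (a maintainers list of mappings with a string name, import-values items that are either strings or child/parent mappings, entries mapping chart names to non-empty version lists) is an assumption drawn from the CVE text, not a complete Helm schema. The sample documents are constructed; in practice the dicts would come from yaml.safe_load on the real files.

```python
"""Pre-flight type validation for parsed Chart.yaml / index.yaml content.

Added example, not Helm's own code. The field shapes below are an
assumption based on the CVE description; Helm's real schema has more fields.
"""
from typing import Any, List


def _is_str(v: Any) -> bool:
    return isinstance(v, str) and v != ""


def validate_chart(chart: Any) -> List[str]:
    """Return a list of problems found in parsed Chart.yaml data (empty = ok)."""
    problems: List[str] = []
    if not isinstance(chart, dict):
        return ["Chart.yaml: top level must be a mapping"]

    maintainers = chart.get("maintainers")
    if maintainers is not None:
        if not isinstance(maintainers, list):
            problems.append("maintainers: must be a list")
        else:
            for i, m in enumerate(maintainers):
                if m is None:
                    problems.append(f"maintainers[{i}]: entry is null")
                elif not isinstance(m, dict):
                    problems.append(f"maintainers[{i}]: entry must be a mapping")
                elif not _is_str(m.get("name")):
                    problems.append(f"maintainers[{i}].name: must be a non-empty string")

    deps = chart.get("dependencies")
    if deps is not None:
        if not isinstance(deps, list):
            problems.append("dependencies: must be a list")
        else:
            for i, d in enumerate(deps):
                if not isinstance(d, dict):
                    problems.append(f"dependencies[{i}]: entry must be a mapping")
                    continue
                iv = d.get("import-values")
                if iv is None:
                    continue
                if not isinstance(iv, list):
                    problems.append(f"dependencies[{i}].import-values: must be a list")
                    continue
                for j, item in enumerate(iv):
                    # Assumed shape: a plain string, or a mapping with string child/parent.
                    if _is_str(item):
                        continue
                    if isinstance(item, dict) and _is_str(item.get("child")) and _is_str(item.get("parent")):
                        continue
                    problems.append(
                        f"dependencies[{i}].import-values[{j}]: must be a string or a child/parent mapping"
                    )
    return problems


def validate_index(index: Any) -> List[str]:
    """Return a list of problems found in parsed index.yaml data (empty = ok)."""
    problems: List[str] = []
    if not isinstance(index, dict):
        return ["index.yaml: top level must be a mapping"]
    entries = index.get("entries")
    if not isinstance(entries, dict):
        return ["entries: must be a mapping of chart name to version list"]
    for name, versions in entries.items():
        if not isinstance(versions, list) or not versions:
            problems.append(f"entries[{name!r}]: must be a non-empty list")
            continue
        for i, v in enumerate(versions):
            if not isinstance(v, dict):
                problems.append(f"entries[{name!r}][{i}]: entry is null or not a mapping")
            elif not _is_str(v.get("version")):
                problems.append(f"entries[{name!r}][{i}].version: must be a non-empty string")
    return problems


# Constructed sample documents (not taken from any real chart or repository).
GOOD_CHART = {
    "apiVersion": "v2", "name": "demo", "version": "0.1.0",
    "maintainers": [{"name": "maintainer-a"}],
    "dependencies": [{"name": "sub", "version": "1.0.0",
                      "repository": "https://charts.example.invalid",
                      "import-values": ["data", {"child": "a", "parent": "b"}]}],
}
BAD_CHART = {
    "apiVersion": "v2", "name": "demo", "version": "0.1.0",
    "maintainers": [None, {"name": "maintainer-a"}],      # null maintainer entry
    "dependencies": [{"name": "sub", "version": "1.0.0",
                      "import-values": [42, "data"]}],    # non-string import-value
}
GOOD_INDEX = {"apiVersion": "v1", "entries": {"demo": [{"version": "0.1.0"}]}}
BAD_INDEX = {"apiVersion": "v1", "entries": {"demo": [], "other": [None]}}

if __name__ == "__main__":
    for label, fn, doc in [("good chart", validate_chart, GOOD_CHART),
                           ("bad chart", validate_chart, BAD_CHART),
                           ("good index", validate_index, GOOD_INDEX),
                           ("bad index", validate_index, BAD_INDEX)]:
        print(label, "->", fn(doc) or "ok")
```

Run the validator over each chart directory and repository index before handing them to Helm; a non-empty result means the file should be corrected rather than passed on to an unpatched Helm.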

