CVE-2025-55198

Published: Aug 13, 2025

Modified: Aug 14, 2025

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.

Vendor	Product	Versions
helm	helm	affected `< 3.18.5`

Weaknesses (CWE)

CWE-908

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68

x_refsource_CONFIRM

https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-55198

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References