CVE-2025-55199

Published: Aug 13, 2025

Modified: Aug 14, 2025

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.

Vendor	Product	Versions
helm	helm	affected `< 3.18.5`

Weaknesses (CWE)

CWE-770

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/helm/helm/security/advisories/GHSA-9h84-qmv7-982p

x_refsource_CONFIRM

https://github.com/helm/helm/commit/b78692c18f0fb38fe5ba4571a674de067a4c53a5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-55199

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References