The Helm project—the popular Kubernetes package manager—has released a critical security advisory for CVE-2025-53547, a high-severity vulnerability that allows for local code execution when updating chart dependencies. With a CVSS score of 8.5, this flaw affects Helm users running versions 3.18.3 and below, and is now patched in v3.18.4.
“A specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated,” Helm disclosed in its advisory.
At the core of this issue is the way Helm processes chart metadata during dependency updates. The Chart.yaml file contains fields that are carried over to Chart.lock when dependencies are refreshed with helm dependency update. If a malicious actor supplies crafted YAML content and makes Chart.lock a symbolic link to a sensitive executable file (such as .bashrc or a shell script), the update process follows the link and overwrites the target file with attacker-controlled content.
“If the Chart.lock file is symlinked to one of these files, updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution,” the Helm team warns.
This can result in arbitrary code execution in the user’s local environment—especially dangerous for developers using Helm as part of automated DevOps pipelines or CI/CD tooling.
The vulnerability affects the following Helm command workflows:
- helm dependency update — actively vulnerable
- helm dependency build — not directly exploitable unless a lock file already exists
- Helm SDK — vulnerable when the Manager in the downloader package performs a dependency update
Developers integrating Helm via SDKs should be especially cautious, as backend processes may trigger dependency updates automatically.
The vulnerability impacts Helm versions ≤ 3.18.3. It has been fixed in Helm v3.18.4.
In the patched version, Helm no longer follows symbolic links when writing the Chart.lock file, mitigating the possibility of unintentional execution.
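The mitigation described above, as an added example in Go (Helm's implementation language) that is not Helm's own code: a lock-file writer that refuses to write through a symbolic link, plus a pre-flight check a pipeline could run before invoking helm dependency update on a Helm version that still follows links. The function names, the temporary directory scenario and the file contents are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrSymlink is returned when the lock file path is a symbolic link.
var ErrSymlink = errors.New("refusing to write through a symbolic link")

// LockFileIsSymlink reports whether <chartDir>/Chart.lock exists and is a
// symbolic link. Intended as a CI pre-flight check before running
// "helm dependency update" with a Helm release that still follows links.
func LockFileIsSymlink(chartDir string) (bool, error) {
	fi, err := os.Lstat(filepath.Join(chartDir, "Chart.lock"))
	if errors.Is(err, os.ErrNotExist) {
		return false, nil // no lock file yet, so nothing can be redirected
	}
	if err != nil {
		return false, err
	}
	return fi.Mode()&os.ModeSymlink != 0, nil
}

// WriteLockFileNoFollow writes content to path only if path is absent or a
// regular file. A symlink is rejected instead of followed, so the bytes can
// never land on whatever the link points at. Lstat and the later open are two
// separate steps; on Unix, adding syscall.O_NOFOLLOW to the open flags closes
// the window between them.
func WriteLockFileNoFollow(path string, content []byte) error {
	fi, err := os.Lstat(path) // Lstat inspects the link itself, not its target
	switch {
	case err == nil:
		if fi.Mode()&os.ModeSymlink != 0 {
			return fmt.Errorf("%s: %w", path, ErrSymlink)
		}
		if !fi.Mode().IsRegular() {
			return fmt.Errorf("%s: not a regular file", path)
		}
	case errors.Is(err, os.ErrNotExist):
		// No file yet; it is created below.
	default:
		return err
	}
	return os.WriteFile(path, content, 0o644)
}

func main() {
	dir, err := os.MkdirTemp("", "chart-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)

	// Constructed scenario: Chart.lock is a symlink to a harmless stand-in file.
	target := filepath.Join(dir, "target.txt")
	_ = os.WriteFile(target, []byte("original contents\n"), 0o644)
	lock := filepath.Join(dir, "Chart.lock")
	_ = os.Symlink(target, lock)

	if linked, _ := LockFileIsSymlink(dir); linked {
		fmt.Println("pre-flight: Chart.lock is a symlink, refusing to update dependencies")
	}
	err = WriteLockFileNoFollow(lock, []byte("# constructed lock content\n"))
	fmt.Println("write through symlink:", err) // ErrSymlink; target.txt is untouched
}
```

The pre-flight check is the part a team can adopt today regardless of Helm version: run it against every chart directory in the repository before the dependency step, and fail the job if it returns true.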