cve 2025 53547
About this tag
CVE-2025-53547 is a high-severity vulnerability in Helm, the Kubernetes package manager, that allows local code execution through a symlink attack in the Chart.lock file. The flaw arises when a malicious chart manipulates fields in Chart.yaml, which are then carried into Chart.lock. If an attacker can make Chart.lock a symlink to an executable target—such as a shell startup file—a routine dependency update can overwrite that target with attacker-controlled content, leading to code execution in normal developer workflows. This supply-chain-adjacent vulnerability was fixed in Helm v3.18.4 and demands immediate remediation, especially in CI/CD pipelines. Discussions on WindowsForum cover the technical details, impact, and mitigation steps for CVE-2025-53547.
A deceptively small flaw in Helm’s dependency update path can let a malicious chart turn a routine developer action into local code execution — an issue tracked as CVE-2025-53547 and fixed in Helm v3.18.4. The bug hinges on how fields from a crafted Chart.yaml are carried into Chart.lock and how...