cve 2025 53547

About this tag
CVE-2025-53547 is a high-severity vulnerability in Helm, the Kubernetes package manager, that allows local code execution through a symlink attack in the Chart.lock file. The flaw arises when a malicious chart manipulates fields in Chart.yaml, which are then carried into Chart.lock. If an attacker can make Chart.lock a symlink to an executable target—such as a shell startup file—a routine dependency update can overwrite that target with attacker-controlled content, leading to code execution in normal developer workflows. This supply-chain-adjacent vulnerability was fixed in Helm v3.18.4 and demands immediate remediation, especially in CI/CD pipelines. Discussions on WindowsForum cover the technical details, impact, and mitigation steps for CVE-2025-53547.
1. Helm CVE-2025-53547: Symlink in Chart.lock Enables Local Code Execution

   A deceptively small flaw in Helm’s dependency update path can let a malicious chart turn a routine developer action into local code execution — an issue tracked as CVE-2025-53547 and fixed in Helm v3.18.4. The bug hinges on how fields from a crafted Chart.yaml are carried into Chart.lock and how...