A deceptively small flaw in Helm’s dependency update path can let a malicious chart turn a routine developer action into local code execution — an issue tracked as CVE-2025-53547 and fixed in Helm v3.18.4. The bug hinges on how fields from a crafted Chart.yaml are carried into Chart.lock and how...
