helm security

About this tag
Helm security discussions on WindowsForum.com focus on vulnerabilities affecting the Kubernetes package manager, particularly CVE-2025-53547. This flaw involves a symlink in Chart.lock that can lead to local code execution when a malicious chart is processed during dependency updates. The issue, fixed in Helm v3.18.4, highlights risks in the software supply chain and CI/CD pipelines. Users are advised to update Helm promptly and review chart sources to mitigate such threats. The tag covers security advisories, patching guidance, and best practices for securing Helm deployments in enterprise environments.
  1. Helm CVE-2025-53547: Symlink in Chart.lock Enables Local Code Execution

    A deceptively small flaw in Helm’s dependency update path can let a malicious chart turn a routine developer action into local code execution — an issue tracked as CVE-2025-53547 and fixed in Helm v3.18.4. The bug hinges on how fields from a crafted Chart.yaml are carried into Chart.lock and how...