Code Execution Vulnerability in Helm Package Manager Affects Kubernetes Deployments
CVE-2025-53547
What is CVE-2025-53547?
A critical vulnerability exists in Helm, a package manager for Kubernetes, prior to version 3.18.4. It allows local code execution via a maliciously crafted Chart.yaml file combined with a symlinked Chart.lock file. When dependencies are updated, fields from Chart.yaml can be written through the symlinked Chart.lock to its target, resulting in the execution of arbitrary commands if the link points at an executable or sourced file such as .bashrc or a shell script. Although Helm issues a warning about symlinked files, it does not block the operation, posing significant risk to Kubernetes environments. This vulnerability highlights the need for diligent validation of input files and proper version management.
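The mitigation the description points at is a pre-flight check before running `helm dependency update`: refuse to proceed if Chart.lock or Chart.yaml in the chart directory is a symbolic link, and flag Helm versions below 3.18.4 as affected. The following is an added example written for this page, not Helm's own code; the function names, the chart directory argument and the constructed demo chart are assumptions.

```shell
#!/bin/sh
# Defensive pre-flight for `helm dependency update` (example added here, not Helm's code).
# Assumption: the chart directory is passed as the first argument.

# Returns 0 when neither Chart.yaml nor Chart.lock is a symlink, 1 otherwise.
chart_symlink_check() {
  dir="$1"
  status=0
  for f in Chart.yaml Chart.lock; do
    if [ -L "$dir/$f" ]; then
      echo "REFUSE: $dir/$f is a symlink -> $(readlink "$dir/$f")" >&2
      status=1
    fi
  done
  return $status
}

# Returns 0 when the given Helm version string (e.g. "v3.18.3") is below 3.18.4.
helm_version_is_affected() {
  ver="${1#v}"                       # strip a leading "v"
  major=${ver%%.*}
  rest=${ver#*.}
  minor=${rest%%.*}
  case "$rest" in
    *.*) patch=${rest#*.} ;;
    *)   patch=0 ;;                  # "3.18" with no patch component
  esac
  patch=${patch%%[^0-9]*}            # drop any "-rc1" style suffix
  if [ "$major" -lt 3 ]; then return 0; fi
  if [ "$major" -gt 3 ]; then return 1; fi
  if [ "$minor" -lt 18 ]; then return 0; fi
  if [ "$minor" -gt 18 ]; then return 1; fi
  [ "$patch" -lt 4 ]
}

# Wrapper that only runs the real command when both checks pass.
safe_dependency_update() {
  dir="$1"
  installed=$(helm version --template '{{.Version}}' 2>/dev/null || echo unknown)
  if helm_version_is_affected "$installed"; then
    echo "REFUSE: helm $installed is below 3.18.4; upgrade first" >&2
    return 1
  fi
  chart_symlink_check "$dir" || return 1
  helm dependency update "$dir"
}

# Constructed demo: a chart whose Chart.lock is a symlink gets refused.
demo() {
  tmp=$(mktemp -d)
  mkdir "$tmp/chart"
  printf 'apiVersion: v2\nname: demo\nversion: 0.1.0\n' > "$tmp/chart/Chart.yaml"
  : > "$tmp/target"
  ln -s "$tmp/target" "$tmp/chart/Chart.lock"
  if chart_symlink_check "$tmp/chart"; then echo "ok to update"; else echo "blocked"; fi
  rm -rf "$tmp"
}
```

Run `demo` to see the refusal on a symlinked lock file; in a CI pipeline, call `safe_dependency_update ./mychart` in place of the bare `helm dependency update` so that the symlink check and the version check both run before any lock file is written.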

Affected Version(s)
helm < 3.18.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
References
CVSS V3.1
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved
