CVE-2025-55198

Name
CVE-2025-55198
Description
Helm is a package manager for Kubernetes charts. Prior to version 3.18.5, improper type validation when parsing Chart.yaml and index.yaml files can lead to a panic. This issue has been resolved in Helm 3.18.5. As a workaround, ensure YAML files are formatted as Helm expects before processing them with Helm.
NVD Severity
unknown

References

Type     URI
MISC     https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6
CONFIRM  https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68

Match rules

CPE URI                              Source package  Min version  Max version
-                                    helm            >= 0         < 3.18.5
cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*  helm            >= None      < 3.18.5

Vulnerable and fixed packages

Source package  Branch          Version    Maintainer                                 Status
helm            edge-community  3.16.3-r0  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.17.0-r0  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.17.0-r1  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.17.0-r2  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.17.1-r0  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.17.2-r0  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.17.2-r1  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.17.2-r2  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.17.2-r3  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.18.0-r0  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.18.2-r0  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.18.3-r0  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.18.3-r1  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.18.4-r0  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.18.4-r1  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            3.22-community  3.16.3-r5  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            3.22-community  3.18.4-r1  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            edge-community  3.18.4-r2  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            3.22-community  3.18.4-r2  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable
helm            3.22-community  3.18.4-r3  techknowlogick <techknowlogick@gitea.com>  possibly vulnerable