CNNVD-202507-1186 Information
CNNVD ID
CNNVD-202507-1186
Related CVE
- CNNVD Published: 2025-07-08
Description
Helm is the CNCF's package manager for Kubernetes. Helm versions prior to 3.18.4 contain a code injection vulnerability: specially crafted Chart.yaml and Chart.lock files can lead to local code execution.
Hazard Level
Medium
Vulnerability Type
Code injection
Affected Vendor
CNI
Published
2025-07-08
Last Modified
2026-02-24
References
https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm
https://github.com/helm/helm/commit/4b8e61093d8f579f1165cdc6bd4b43fa5455f571
https://vigilance.fr/vulnerability/Helm-code-execution-via-Chart-yaml-Chart-lock-File-48024
https://access.redhat.com/security/cve/cve-2025-53547
https://www.oracle.com/security-alerts/cpuoct2025.html
https://www.oracle.com/security-alerts/cpujan2026.html
Patch
https://github.com/helm/helm/releases