CVE-2025-55199

6.5 MEDIUM

📋 TL;DR

This vulnerability in Helm allows attackers to craft malicious JSON Schema files that cause Helm to consume all available memory, leading to out-of-memory (OOM) termination and denial of service. It affects all users running Helm versions prior to 3.18.5 when processing untrusted Helm charts. The issue is triggered through specially crafted $ref pointers in JSON Schema files.

💻 Affected Systems

Products:
  • Helm
Versions: All versions prior to 3.18.5
Operating Systems: All platforms running Helm
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when processing Helm charts containing JSON Schema files with malicious $ref pointers.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service on Kubernetes clusters using Helm, causing Helm processes to crash and potentially disrupting deployments and operations.

🟠 Likely Case: Local denial of service affecting individual Helm operations when processing malicious charts, requiring a process restart.

🟢 If Mitigated: Minimal impact with proper input validation and chart source verification in place.

🌐 Internet-Facing: MEDIUM - Exploitable if Helm processes charts from untrusted internet sources, but requires chart ingestion.
🏢 Internal Only: MEDIUM - Internal users with chart creation privileges could cause denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to create or modify Helm charts with malicious JSON Schema files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.18.5

Vendor Advisory: https://github.com/helm/helm/security/advisories/GHSA-9h84-qmv7-982p

Restart Required: No

Instructions:

1. Check current Helm version: helm version
2. Upgrade to Helm 3.18.5 or later:
- For binary install: Download from https://github.com/helm/helm/releases
- For package manager: Use appropriate update command for your system
3. Verify upgrade: helm version

🔧 Temporary Workarounds

Validate chart JSON Schema files (applies to: all)

Ensure all Helm charts being loaded do not contain $ref pointers to /dev/zero or other problematic references in JSON Schema files.

# Manual inspection of chart JSON Schema files (./chart = the unpacked chart directory)
# Check for $ref: "/dev/zero" or similar patterns: any $ref whose value starts
# with "/" or "file:" resolves to a local file rather than to a schema definition
grep -rn --include='*.json' -E '"\$ref"[[:space:]]*:[[:space:]]*"(file:|/)' ./chart
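As an added check, not code from this page or from the Helm project: the script below walks a chart's values.schema.json (the JSON Schema Helm validates chart values against) and reports every $ref that is not an in-document pointer, so a "/dev/zero" reference is surfaced before the chart is ever loaded. The sample schema is constructed for this example, and the flagging rule (anything outside "#/..." is suspect) is an assumption of the example, not Helm's own resolution logic.

```python
import json
from typing import Iterator

# Constructed sample of a chart's values.schema.json (not from any real chart):
# one harmless in-document pointer next to two refs of the kind the advisory
# describes, pointing at /dev/zero.
SAMPLE_SCHEMA = """{
  "$schema": "https://json-schema.org/draft-07/schema#",
  "type": "object",
  "properties": {
    "image":    {"$ref": "#/definitions/image"},
    "replicas": {"$ref": "/dev/zero"},
    "extra":    {"items": [{"$ref": "file:///dev/zero"}]}
  },
  "definitions": {"image": {"type": "string"}}
}"""


def iter_refs(node, path: str = "$") -> Iterator[tuple[str, str]]:
    """Yield (json_path, value) for every "$ref" key anywhere in the document."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "$ref" and isinstance(value, str):
                yield path, value
            else:
                yield from iter_refs(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_refs(item, f"{path}[{i}]")


def is_unsafe_ref(ref: str) -> bool:
    """Review heuristic (an assumption, not Helm's own rule): only pointers into
    the same document ("#/...") are accepted; anything else may be resolved as
    a file path or URI, which is how "/dev/zero" reaches the schema loader."""
    return not ref.startswith("#")


def find_unsafe_refs(schema_text: str) -> list[tuple[str, str]]:
    """Return (json_path, ref) for every flagged $ref in a values.schema.json."""
    return [(p, r) for p, r in iter_refs(json.loads(schema_text)) if is_unsafe_ref(r)]


if __name__ == "__main__":
    for path, ref in find_unsafe_refs(SAMPLE_SCHEMA):
        print(f"suspicious $ref at {path}: {ref}")
```

Run it against each values.schema.json in a chart before the chart is admitted to an internal repository; an empty result means no $ref leaves the document.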

🧯 If You Can't Patch

  • Implement strict chart source verification and only use charts from trusted repositories
  • Monitor Helm processes for abnormal memory consumption and implement resource limits

🔍 How to Verify

Check if Vulnerable:

Check Helm version: helm version | grep -E 'v3\.([0-9]|1[0-7])\.[0-9]+|v3\.18\.[0-4]([^0-9]|$)' - if this matches, the installed version is vulnerable

Check Version:

helm version

Verify Fix Applied:

Verify Helm version is 3.18.5 or later: helm version | grep -E 'v3\.18\.([5-9]|[1-9][0-9]+)|v3\.(19|[2-9][0-9])\.|v[4-9]\.' - a match means the fix is present

📡 Detection & Monitoring

Log Indicators:

  • Helm process termination with out-of-memory errors
  • Abnormal memory consumption spikes in Helm processes

Network Indicators:

  • Unusual chart downloads from untrusted sources

SIEM Query:

process.name:"helm" AND (memory.usage > 90% OR termination.reason:"OOM")
