High severityNVD Advisory· Published Jul 8, 2025· Updated Feb 26, 2026
Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
CVE-2025-53547
Description
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
helm.sh/helm/v3Go | >= 3.18.0-rc.1, < 3.18.4 | 3.18.4 |
helm.sh/helm/v3Go | < 3.17.4 | 3.17.4 |
Affected products
1Patches
12 files changed · +107 −0
pkg/downloader/manager.go+14 −0 modified@@ -851,6 +851,20 @@ func writeLock(chartpath string, lock *chart.Lock, legacyLockfile bool) error { lockfileName = "requirements.lock" } dest := filepath.Join(chartpath, lockfileName) + + info, err := os.Lstat(dest) + if err != nil && !os.IsNotExist(err) { + return fmt.Errorf("error getting info for %q: %w", dest, err) + } else if err == nil { + if info.Mode()&os.ModeSymlink != 0 { + link, err := os.Readlink(dest) + if err != nil { + return fmt.Errorf("error reading symlink for %q: %w", dest, err) + } + return fmt.Errorf("the %s file is a symlink to %q", lockfileName, link) + } + } + return os.WriteFile(dest, data, 0644) }
pkg/downloader/manager_test.go+93 −0 modified@@ -23,8 +23,10 @@ import ( "path/filepath" "reflect" "testing" + "time" "github.com/stretchr/testify/assert" + "sigs.k8s.io/yaml" chart "helm.sh/helm/v4/pkg/chart/v2" "helm.sh/helm/v4/pkg/chart/v2/loader" @@ -672,3 +674,94 @@ func TestDedupeRepos(t *testing.T) { }) } } + +func TestWriteLock(t *testing.T) { + fixedTime, err := time.Parse(time.RFC3339, "2025-07-04T00:00:00Z") + assert.NoError(t, err) + lock := &chart.Lock{ + Generated: fixedTime, + Digest: "sha256:12345", + Dependencies: []*chart.Dependency{ + { + Name: "fantastic-chart", + Version: "1.2.3", + Repository: "https://example.com/charts", + }, + }, + } + expectedContent, err := yaml.Marshal(lock) + assert.NoError(t, err) + + t.Run("v2 lock file", func(t *testing.T) { + dir := t.TempDir() + err := writeLock(dir, lock, false) + assert.NoError(t, err) + + lockfilePath := filepath.Join(dir, "Chart.lock") + _, err = os.Stat(lockfilePath) + assert.NoError(t, err, "Chart.lock should exist") + + content, err := os.ReadFile(lockfilePath) + assert.NoError(t, err) + assert.Equal(t, expectedContent, content) + + // Check that requirements.lock does not exist + _, err = os.Stat(filepath.Join(dir, "requirements.lock")) + assert.Error(t, err) + assert.True(t, os.IsNotExist(err)) + }) + + t.Run("v1 lock file", func(t *testing.T) { + dir := t.TempDir() + err := writeLock(dir, lock, true) + assert.NoError(t, err) + + lockfilePath := filepath.Join(dir, "requirements.lock") + _, err = os.Stat(lockfilePath) + assert.NoError(t, err, "requirements.lock should exist") + + content, err := os.ReadFile(lockfilePath) + assert.NoError(t, err) + assert.Equal(t, expectedContent, content) + + // Check that Chart.lock does not exist + _, err = os.Stat(filepath.Join(dir, "Chart.lock")) + assert.Error(t, err) + assert.True(t, os.IsNotExist(err)) + }) + + t.Run("overwrite existing lock file", func(t *testing.T) { + dir := t.TempDir() + lockfilePath := filepath.Join(dir, "Chart.lock") + assert.NoError(t, os.WriteFile(lockfilePath, []byte("old content"), 0644)) + + err = writeLock(dir, lock, false) + assert.NoError(t, err) + + content, err := os.ReadFile(lockfilePath) + assert.NoError(t, err) + assert.Equal(t, expectedContent, content) + }) + + t.Run("lock file is a symlink", func(t *testing.T) { + dir := t.TempDir() + dummyFile := filepath.Join(dir, "dummy.txt") + assert.NoError(t, os.WriteFile(dummyFile, []byte("dummy"), 0644)) + + lockfilePath := filepath.Join(dir, "Chart.lock") + assert.NoError(t, os.Symlink(dummyFile, lockfilePath)) + + err = writeLock(dir, lock, false) + assert.Error(t, err) + assert.Contains(t, err.Error(), "the Chart.lock file is a symlink to") + }) + + t.Run("chart path is not a directory", func(t *testing.T) { + dir := t.TempDir() + filePath := filepath.Join(dir, "not-a-dir") + assert.NoError(t, os.WriteFile(filePath, []byte("file"), 0644)) + + err = writeLock(filePath, lock, false) + assert.Error(t, err) + }) +}
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-557j-xg8c-q2mmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-53547ghsaADVISORY
- github.com/helm/helm/commit/4b8e61093d8f579f1165cdc6bd4b43fa5455f571ghsax_refsource_MISCWEB
- github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mmghsax_refsource_CONFIRMWEB
- news.ycombinator.com/itemghsaWEB
News mentions
0No linked articles in our index yet.