VYPR
Moderate severityNVD Advisory· Published Aug 13, 2025· Updated Aug 14, 2025

Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

CVE-2025-55199

Description

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
helm.sh/helm/v3Go
< 3.18.53.18.5

Affected products

565

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.