Use of Uninitialized Resource in github.com/helm/helm

CVE-2025-55198

github.com/helm/helm
github.com/helm/helm/v3
github.com/helm/helm/v4
helm/helm
helm.sh/helm
helm.sh/helm/v3
helm.sh/helm/v4
helm.sh/helm/v3/v3
k8s.io/Helm
k8s.io/helm/v3

Medium

6.5/10

Summary

Helm is a package manager for Charts for Kubernetes. In versions prior to 3.18.5, when parsing `Chart.yaml` and `index.yaml` files, an improper validation of type error can lead to a panic. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-908 - Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized.

References

Advisory
Release Note
Advisory

Advisory Timeline

Published Aug 14, 2025

Use of Uninitialized Resource in github.com/helm/helm

CVE-2025-55198

Summary

CWE-908 - Use of Uninitialized Resource

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS