CVE-2025-55199Allocation of Resources Without Limits or Throttling in Helm

CWE-770Allocation of Resources Without Limits or Throttling7 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 98.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HelmHelm.sh Helm V3
Timeline
PublishedAug 14
Latest updateAug 18

Description

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5helm/helm< 3.18.5
NVDhelm/helm< 3.18.5
Gohelm.sh/helm_v3< 3.18.5

Patches

Patch: github.com

🔴Vulnerability Details

4
OSV
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion in helm.sh/helm2025-08-18
GHSA
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion2025-08-14
OSV
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion2025-08-14
CVEList
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion2025-08-13

📋Vendor Advisories

2
Red Hat
helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service2025-08-13
Microsoft
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion2025-08-12
CVE-2025-55199 — Helm vulnerability | cvebase