Helm local code execution via a malicious chart


A Helm contributor discovered that a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. This affects the Helm SDK when the downloader Manager performs an update. Ensure the Chart.lock file in a chart is not a symlink prior to updating dependencies.
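
A pre-flight check for the mitigation above, as an added example that is not part of the original advisory or Helm's own code. It goes beyond a single chart and scans a whole directory of charts, listing every `Chart.lock` that is a symlink so that `helm dependency update` is not run on those charts. The `Finding` type and `SymlinkedLocks` function are names made up for this example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Finding is one Chart.lock that is a symbolic link, and where it points.
type Finding struct{ Path, Target string }

// SymlinkedLocks walks root (one chart or a directory of charts). WalkDir does
// not follow symlinks, so each entry's type is that of the link, not its target.
func SymlinkedLocks(root string) ([]Finding, error) {
	var found []Finding
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.Name() != "Chart.lock" || d.Type()&fs.ModeSymlink == 0 {
			return nil
		}
		target, err := os.Readlink(path)
		if err != nil {
			return err
		}
		found = append(found, Finding{Path: path, Target: target})
		return nil
	})
	return found, err
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintf(os.Stderr, "usage: %s <chart-or-charts-dir>\n", os.Args[0])
		os.Exit(2)
	}
	bad, err := SymlinkedLocks(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(2)
	}
	for _, f := range bad {
		fmt.Printf("symlinked lock file: %s -> %s\n", f.Path, f.Target)
	}
	if len(bad) > 0 {
		os.Exit(1) // do not update dependencies for these charts
	}
}
```

Exit status 1 means at least one symlinked lock file was found, so the check can gate a dependency update step in CI.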

CVE-2025-53547