CVE-2025-32387

Summary

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.

Affected Software

VendorProductVersion RangeStatus
helmhelm< 3.17.3affected

Weaknesses

  • CWE-121: CWE-121: Stack-based Buffer Overflow
  • CWE-674: CWE-674: Uncontrolled Recursion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References