What is the CVSS score of CVE-2025-53547?

CVE-2025-53547 has a CVSS 3.1 base score of 8.5 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Kubernetes are affected by CVE-2025-53547?

Organizations using Helm face significant risk from CVE-2025-53547, a code injection vulnerability rated CVSS 8.5.. A patch is available.

How to fix or mitigate CVE-2025-53547?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Validate that input sanitization is in place for all user-controlled parameters.

Kubernetes CVE-2025-53547

EUVD-2025-20751 HIGH

Code Injection (CWE-94)

2025-07-08 security-advisories@github.com

GHSA-557j-xg8c-q2mm

RCE Kubernetes Code Injection Debian Red Hat Helm Suse

8.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 04:21 euvd

EUVD-2025-20751

Analysis Generated

Mar 16, 2026 - 04:21 vuln.today

Patch released

Mar 16, 2026 - 04:21 nvd

Patch available

CVE Published

Jul 08, 2025 - 22:15 nvd

HIGH 8.5

DescriptionNVD

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4.

Analysis

Technical ContextAI

Remote code execution allows an attacker to run arbitrary commands or code on the target system over a network without prior authentication. This vulnerability is classified as Code Injection (CWE-94).

RemediationAI

A vendor patch is available — apply it immediately. Apply vendor patches immediately. Restrict network access to vulnerable services. Implement network segmentation and monitoring for anomalous activity.

More from same product – last 7 days

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-47271 MEDIUM This Month

5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str

CVE-2026-45898 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin

Vendor StatusVendor

Debian

Bug #910799

helm-kubernetes

Release	Status	Fixed Version	Urgency
	open	-	-

CVE-2025-53547 vulnerability details – vuln.today

Back