6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-55199

GHSA ID

GHSA-9h84-qmv7-982p

EPSS Score

CWE

CWE-770

Published

8/14/2025

Updated

8/14/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-55199

CVE-2025-55199: Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

A Helm contributor discovered that it was possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination.

Impact

A malicious chart can point $ref in values.schema.json to a device (e.g. /dev/*) or other problem file which could cause Helm to use all available memory and have an out of memory (OOM) termination.

Patches

This issue has been resolved in Helm v3.18.5.

Workarounds

Make sure that all Helm charts that are being loaded into Helm doesn't have any reference of $ref pointing to /dev/zero.

References

Helm's security policy is spelled out in detail in our SECURITY document.

Credits

Disclosed by Jakub Ciolek at AlphaSense.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-55199

GHSA ID

GHSA-9h84-qmv7-982p

EPSS Score

CWE

CWE-770

Published

8/14/2025

Updated

8/14/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
helm.sh/helm/v3	go	<= 3.18.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability lies in the JSON schema validation logic of Helm, where a malicious chart's _values.schema.json could cause a denial-of-service attack. The root cause was the use of the github.com/xeipuuv/gojsonschema library, which improperly handled $ref fields. An attacker could craft a schema with a $ref pointing to a device file like /dev/zero. When Helm performs an action that validates the chart values (e.g., helm install, helm lint), the ValidateAgainstSingleSchema function would be called. This function, using the vulnerable library, would then attempt to resolve the $ref, leading to an attempt to read an infinite stream of data from the device file, consuming all available memory and causing the Helm client to crash.

The patch addresses this by migrating to a different JSON schema validation library, github.com/santhosh-tekuri/jsonschema/v6, in the ValidateAgainstSingleSchema function. This new library presumably handles $refs more securely, preventing them from resolving to arbitrary and dangerous file paths. The ValidateAgainstSchema function is the entry point that triggers this validation for a chart and its sub-charts, making it a key part of the vulnerable call chain.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* **lm *ontri*utor *is*ov*r** t**t it w*s possi*l* to *r**t * JSON S***m* *il* in * m*nn*r w*i** *oul* **us* **lm to us* *ll *v*il**l* m*mory *n* **v* *n out o* m*mory (OOM) t*rmin*tion. ### Imp**t * m*li*ious ***rt **n point `$r**` in _v*lu*s.s***m

Reasoning

T** vuln*r**ility li*s in t** JSON s***m* v*li**tion lo*i* o* **lm, w**r* * m*li*ious ***rt's `_v*lu*s.s***m*.json` *oul* **us* * **ni*l-o*-s*rvi** *tt**k. T** root **us* w*s t** us* o* t** `*it*u*.*om/x*ipuuv/*ojsons***m*` li*r*ry, w*i** improp*rly

6.5

Basic Information

Concerned about an active attack path?

CVE-2025-55199: Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

Impact

Patches

Workarounds

References

Credits

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI