CVE-2025-55199
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
6.5
MEDIUM
CVSS 3.1
EPSS 0.02%
Description
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.
How to fix CVE-2025-55199
To remediate CVE-2025-55199, upgrade the affected package to a fixed version below.
- —upgrade to 3.18.5 or later
- —no fix listed
- —upgrade to 3.18.5 or later
- —upgrade to 3.18.5 or later
Is CVE-2025-55199 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 3.18.5
- from 0
- from 0, < 3.18.5
- from 0, < 3.18.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |