{"id":"AZL-66315","summary":"CVE-2025-55198 affecting package helm for versions less than 3.14.2-9","details":"Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.","modified":"2026-04-01T05:20:56.710501Z","published":"2025-08-14T00:15:26Z","upstream":["CVE-2025-55198"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55198"}],"affected":[{"package":{"name":"helm","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/helm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.14.2-9"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66315.json"}}],"schema_version":"1.7.5"}