
CVE-2025-53547 PoC — Helm Code Injection Vulnerability

Associated Vulnerability
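Title: Helm Code Injection Vulnerability (CVE-2025-53547)
Description: Helm is a Kubernetes package manager from the CNCF. Versions of Helm before 3.18.4 contain a code injection vulnerability, which arises because specially crafted Chart.yaml and Chart.lock files can lead to local code execution.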
Description
One of the PoCs for CVE-2025-53547
Readme
# CVE-2025-53547 POC

This is a PoC for CVE-2025-53547.

In this test, `Chart.lock` is a symbolic link to `/tmp/1.txt`.

`/tmp/1.txt` carries an injected command that creates `/tmp/2.txt`.

In a real production environment, you can change the `Chart.lock` link target to inject any command you want, such as:

* /root/.bash_rc
* /root/.bash_profile
* /etc/profile
......

or any shell script file that gets run.

Then change the dependency repository URL params in `Chart.yaml` to run another command.

## Usage

Helm <= 3.18.3

First, run:

```bash
helm dependency update
```

Then you'll find `/tmp/1.txt`.

Then run:

```bash
bash /tmp/1.txt
```

Then you'll find `/tmp/2.txt`.


## Reference

https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm
https://github.com/helm/helm/compare/v3.18.3...v3.18.4
File Snapshot

[4.0K] /data/pocs/13c73bac84bd0a138bd0b9de3a28de9f80accfd7
├── [  10] Chart.lock -> /tmp/1.txt
├── [ 423] Chart.yaml
└── [ 756] README.md

0 directories, 3 files
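
A pre-flight check for the condition shown in the snapshot above (a symlinked `Chart.lock`), to run before `helm dependency update` on charts from an untrusted source. This is an added example, not code from the PoC repository or from Helm; the function names are hypothetical, and any version at or above 3.18.4 is treated as fixed, per the description above.

```bash
# Added example: defensive pre-flight checks (function names are hypothetical).

# Succeeds if a Helm version string such as "v3.18.4+g1234abc" is >= 3.18.4.
helm_version_is_fixed() {
    local v major minor patch
    v="${1#v}"          # drop the leading "v"
    v="${v%%[-+]*}"     # drop any pre-release/build suffix
    IFS=. read -r major minor patch <<EOF
$v
EOF
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    [ "$major" -ne 3 ] && { [ "$major" -gt 3 ]; return; }
    [ "$minor" -ne 18 ] && { [ "$minor" -gt 18 ]; return; }
    [ "$patch" -ge 4 ]
}

# Lists every Chart.lock under $1 that is a symlink, with its target.
# `find -type l` also matches dangling links, which is what this PoC's
# Chart.lock is before the first run. Fails if any link is found.
find_symlinked_locks() {
    local hits
    hits=$(find "${1:-.}" -type l -name Chart.lock 2>/dev/null)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        printf 'symlink: %s -> %s\n' "$f" "$(readlink "$f")"
    done
    return 1
}

# CI gate. Usage: preflight <chart-root> <helm-version>
#   preflight . "$(helm version --short)" && helm dependency update
preflight() {
    find_symlinked_locks "$1" || {
        echo "refusing: Chart.lock is a symlink" >&2; return 1; }
    helm_version_is_fixed "$2" || {
        echo "refusing: Helm $2 is older than 3.18.4" >&2; return 1; }
}
```
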