CVE-2025-32387

Description

A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow. ### Impact A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. ### Patches This issue has been resolved in Helm v3.17.3. ### Workarounds Ensure that the JSON Schema within any charts loaded by Helm does not have a large number of nested references. These JSON Schema files are larger than 10 MiB. ### For more information Helm's security policy is spelled out in detail in our [SECURITY](https://github.com/helm/community/blob/master/SECURITY.md) document. ### Credits Disclosed by Jakub Ciolek at AlphaSense.

Affected packages (3)

• Bitnami/helmfrom 0, < 3.17.3
• Go/helm.sh/helm/v3from 0, < 3.17.3
• Go/helm.sh/helm/v3from 0, < 3.17.3

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-32387
• PATCHhttps://github.com/helm/helm
• WEBhttps://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7
• WEBhttps://github.com/helm/helm/security/advisories/GHSA-5xqw-8hwv-wg92