CVE-2025-32387: Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow

April 10, 2025

A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow.

References

github.com/advisories/GHSA-5xqw-8hwv-wg92
github.com/helm/helm
github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7
github.com/helm/helm/security/advisories/GHSA-5xqw-8hwv-wg92
nvd.nist.gov/vuln/detail/CVE-2025-32387

Code Behaviors & Features

Detect and mitigate CVE-2025-32387 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →