{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-55198", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-08-08T21:55:07.964Z", "datePublished": "2025-08-13T23:23:56.780Z", "dateUpdated": "2025-08-14T14:50:32.593Z"}, "containers": {"cna": {"title": "Helm May Panic Due To Incorrect YAML Content", "problemTypes": [{"descriptions": [{"cweId": "CWE-908", "lang": "en", "description": "CWE-908: Use of Uninitialized Resource", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68"}, {"name": "https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6", "tags": ["x_refsource_MISC"], "url": "https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6"}], "affected": [{"vendor": "helm", "product": "helm", "versions": [{"version": "< 3.18.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-13T23:23:56.780Z"}, "descriptions": [{"lang": "en", "value": "Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm."}], "source": {"advisory": "GHSA-f9f8-9pmf-xv68", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-14T13:41:00.963620Z", "id": "CVE-2025-55198", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T14:50:32.593Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-55198", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-14T13:41:00.963620Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T13:41:03.814Z"}}], "cna": {"title": "Helm May Panic Due To Incorrect YAML Content", "source": {"advisory": "GHSA-f9f8-9pmf-xv68", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "helm", "product": "helm", "versions": [{"status": "affected", "version": "< 3.18.5"}]}], "references": [{"url": "https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68", "name": "https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6", "name": "https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-908", "description": "CWE-908: Use of Uninitialized Resource"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-08-13T23:23:56.780Z"}}}, "cveMetadata": {"cveId": "CVE-2025-55198", "state": "PUBLISHED", "dateUpdated": "2025-08-14T14:50:32.593Z", "dateReserved": "2025-08-08T21:55:07.964Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-08-13T23:23:56.780Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm."}, {"lang": "es", "value": "Helm es un gestor de paquetes para Charts en Kubernetes. Antes de la versi\u00f3n 3.18.5, al analizar los archivos Chart.yaml e index.yaml, un error de validaci\u00f3n de tipo incorrecto pod\u00eda provocar un error de p\u00e1nico. Este problema se ha resuelto en Helm 3.18.5. Una soluci\u00f3n alternativa consiste en asegurarse de que los archivos YAML tengan el formato esperado por Helm antes de procesarlos."}], "id": "CVE-2025-55198", "lastModified": "2025-08-14T13:11:53.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-08-14T00:15:26.557", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6"}, {"source": "security-advisories@github.com", "url": "https://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", "id": "2388451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388451"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-908", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "To mitigate this flaw ensure YAML files are formatted as Helm expects prior to processing them with Helm."}, "name": "CVE-2025-55198", "package_state": [{"cpe": "cpe:/a:redhat:deployment_validator_operator", "fix_state": "Fix deferred", "package_name": "dvo/deployment-validation-rhel8-operator", "product_name": "Deployment Validation Operator"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Fix deferred", "package_name": "mta/mta-cli-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/addon-manager-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/addon-manager-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/backplane-rhel8-operator", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/backplane-rhel9-operator", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/cluster-proxy-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/cluster-proxy-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/hypershift-addon-rhel8-operator", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/hypershift-addon-rhel9-operator", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/managedcluster-import-controller-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/managedcluster-import-controller-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/managed-serviceaccount-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/managed-serviceaccount-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/multicloud-manager-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/multicloud-manager-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/placement-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/placement-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/registration-operator-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/registration-operator-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/registration-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/registration-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/work-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Fix deferred", "package_name": "multicluster-engine/work-rhel9", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Fix deferred", "package_name": "multicluster-globalhub/multicluster-globalhub-agent-rhel9", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Fix deferred", "package_name": "multicluster-globalhub/multicluster-globalhub-manager-rhel9", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Will not fix", "package_name": "multicluster-globalhub/multicluster-globalhub-operator-bundle", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:multicluster_globalhub", "fix_state": "Fix deferred", "package_name": "multicluster-globalhub/multicluster-globalhub-rhel9-operator", "product_name": "Multicluster Global Hub"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Out of support scope", "package_name": "openshift-service-mesh/istio-cni-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Out of support scope", "package_name": "openshift-service-mesh/pilot-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Out of support scope", "package_name": "openshift-service-mesh/proxyv2-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Out of support scope", "package_name": "openshift-service-mesh/proxyv2-rhel9", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-cni-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-must-gather-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-pilot-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-proxyv2-rhel9", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-rhel9-operator", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:service_mesh:3", "fix_state": "Fix deferred", "package_name": "openshift-service-mesh/istio-sail-operator-bundle", "product_name": "OpenShift Service Mesh 3"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/acm-governance-policy-addon-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/acm-multicluster-observability-addon-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/acm-search-v2-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/acm-volsync-addon-controller-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/multicloud-integrations-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/multiclusterhub-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/multicluster-operators-channel-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Fix deferred", "package_name": "rhacm2/multicluster-operators-subscription-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:kueue_operator:1", "fix_state": "Fix deferred", "package_name": "kueue/kueue-rhel9", "product_name": "Red Hat Build of Kueue"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-kueue-controller-rhel8", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-kueue-controller-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/cnf-tests-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/kube-compare-artifacts-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/metallb-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/metallb-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/oc-mirror-plugin-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/oc-mirror-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-ansible-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-ansible-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-cluster-olm-operator-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-cluster-olm-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-console-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-helm-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-helm-rhel9-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-olm-catalogd-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-olm-catalogd-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-olm-rukpak-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-olm-rukpak-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-operator-sdk-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ose-operator-sdk-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "openshift4/ztp-site-generate-rhel8", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/odf-csi-addons-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Fix deferred", "package_name": "odf4/odf-csi-addons-sidecar-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Will not fix", "package_name": "devspaces/configbump-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Will not fix", "package_name": "devspaces/dashboard-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Will not fix", "package_name": "devspaces/devspaces-operator-bundle", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Will not fix", "package_name": "devspaces/devspaces-rhel9-operator", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Will not fix", "package_name": "devspaces/imagepuller-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Will not fix", "package_name": "devspaces-tech-preview/jetbrains-ide-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Will not fix", "package_name": "devspaces/traefik-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Will not fix", "package_name": "devspaces/udi-rhel9", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argocd-agent-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argocd-extensions-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argocd-rhel9", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argo-rollouts-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/console-plugin-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/dex-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/gitops-rhel8-operator", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/must-gather-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:trusted_application_pipeline:1", "fix_state": "Will not fix", "package_name": "rhtap-cli/rhtap-cli-rhel9", "product_name": "Red Hat Trusted Application Pipeline"}], "public_date": "2025-08-13T23:23:56Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-55198\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-55198\nhttps://github.com/helm/helm/commit/ec5f59e2db56533d042a124f5bae54dd87b558e6\nhttps://github.com/helm/helm/security/advisories/GHSA-f9f8-9pmf-xv68"], "threat_severity": "Moderate"}