Last Week in AppSec for 15. July 2025 - Checkmarx
Last Week in AppSec for 15. July 2025

Here are some AppSec news items you might have missed in the last week.

  • The Kubernetes package manager Helm has a high-severity Code Injection vulnerability CVE-2025-53547. An adversary could link Chart.lock to an executable file, then craft a Chart.yaml file that, when processed during a Helm dependency upgrade, would write arbitrary content to that executable file via the Chart.lock link. Next time that file is executed, the attacker’s code runs. Likelihood is relatively low, as most pathways to this attack would require an attacker to have equivalent privileges; however, in some automated environments, this could lead to an effective privilege escalation or lateral movement.
  • The Conductor open-source microservices workflow orchestrator is vulnerable to a Remote Code Execution (CVE-2025-26074) in its default mode of operation. Vitali Barysevich explains in detail, but the “tl;dr” is this can be mitigated by running the “Nashorn” component of Conductor with the --no-java flag, as the root cause is access to Java classes from user-facing JavaScript. Without this mitigation (or some very careful input filtering), an adversary can supply arbitrary Java code as part of an Inline task (a lightweight Conductor task type).

Kubernetes Code Injection (CVE-2025-53547)

An attacker would need access to the build scripts or the executing environment, with sufficient privileges to create a symlinked Chart.lock file; simply modifying Chart.yaml is insufficient. In most cases, an attacker with that level of access wouldn’t gain much from this attack; however, if an attacker encounters a poorly configured server on which Helm performs dependency upgrades, or can create that condition through access to automation scripts or configurations, it could result in lateral movement or privilege escalation.

Interestingly, the Helm code in question already issued a warning about the Chart.lock file being a symlink; the patch in v3.18.4 makes this warning into an error.
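As an added example (not Helm’s own code), the following Python script implements the defensive check that the v3.18.4 patch makes mandatory: it refuses to proceed when Chart.lock is a symbolic link, and it sweeps a checkout for such links so a CI job can fail before any dependency update runs. The directory layout it builds under a temporary directory is constructed for the demonstration; the chart files are minimal stand-ins, not real charts.

```python
"""Added example: refuse a Helm dependency update when Chart.lock is a
symlink, and sweep a checkout for such links. Not Helm's own code."""
import os
import tempfile
from pathlib import Path


class UnsafeLockFile(RuntimeError):
    """Raised when Chart.lock is a symbolic link rather than a regular file."""


def check_chart_lock(chart_dir):
    """Return the Chart.lock path if it is safe to (re)write, else raise.

    Mirrors the patched Helm behaviour (warning turned into an error). The
    check uses lstat semantics: the link itself is inspected, never followed,
    so a link pointing at an executable is caught before anything is written.
    """
    lock = Path(chart_dir) / "Chart.lock"
    if lock.is_symlink():
        raise UnsafeLockFile(
            f"{lock} is a symlink to {os.readlink(lock)}; refusing to update dependencies"
        )
    if lock.exists() and not lock.is_file():
        raise UnsafeLockFile(f"{lock} is not a regular file")
    return lock


def find_symlinked_lock_files(root):
    """Walk `root` and return every Chart.lock that is a symlink (paths relative to root)."""
    root = Path(root)
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # A symlink to a file (or a dangling link) is reported in `filenames`.
        if "Chart.lock" in filenames:
            lock = Path(dirpath) / "Chart.lock"
            if lock.is_symlink():
                hits.append(str(lock.relative_to(root)))
    return sorted(hits)


def build_demo_tree(base):
    """Constructed sample: one honest chart, one whose Chart.lock points at a script."""
    base = Path(base)
    good = base / "charts" / "good"
    good.mkdir(parents=True)
    (good / "Chart.yaml").write_text("apiVersion: v2\nname: good\nversion: 0.1.0\n")
    (good / "Chart.lock").write_text("dependencies: []\n")

    bad = base / "charts" / "bad"
    bad.mkdir(parents=True)
    (bad / "Chart.yaml").write_text("apiVersion: v2\nname: bad\nversion: 0.1.0\n")
    script = base / "bin" / "deploy.sh"  # stand-in for an executable the link targets
    script.parent.mkdir()
    script.write_text("#!/bin/sh\necho deploy\n")
    os.symlink(script, bad / "Chart.lock")
    return base


def demo():
    """Build the sample tree in a temp dir, run both checks, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        base = build_demo_tree(tmp)
        flagged = find_symlinked_lock_files(base)
        outcomes = {}
        for chart in ("charts/good", "charts/bad"):
            try:
                check_chart_lock(base / chart)
                outcomes[chart] = "ok"
            except UnsafeLockFile:
                outcomes[chart] = "refused"
        return flagged, outcomes


if __name__ == "__main__":
    flagged, outcomes = demo()
    print("symlinked Chart.lock files:", flagged)
    print("per-chart check:", outcomes)
```

Run `find_symlinked_lock_files` over the repository root in CI and fail the job on any hit; `check_chart_lock` is the per-chart guard to call immediately before `helm dependency update`, since a link created between the sweep and the update would otherwise slip through.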

Conductor OSS workflow orchestrator Remote Code Execution

Conductor is a toolkit for orchestrating microservice environments, originally developed at Netflix. The detailed explanation is worth a read, but the vulnerability is fairly straightforward: it’s an injection flaw. It’s a little unusual in that the injection flaw uses a JavaScript engine to call an underlying Java service, but it’s a familiar weakness for AppSec practitioners.

As the researcher says: “Never, ever expose Conductor OSS to the Internet — it’s not designed for public access.” But even if this service isn’t exposed to the public Internet, an attacker who already has some access in your environment could use this flaw to gain a powerful opportunity to move laterally within it. Upgrade to at least v3.21.13 to repair.
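Added example, not Conductor’s code: a small Python scanner that walks a workflow definition and flags INLINE tasks whose JavaScript expression reaches into the JVM (a `Java.type()` or `Java.extend()` call, the Nashorn `Packages` global, or a dotted `java.*` package path), so definitions can be reviewed or rejected before they are registered. The workflow JSON is constructed for the demo, and the field names it relies on (`tasks[].type`, `inputParameters.expression`, `forkTasks`, `decisionCases`, `defaultCase`) are assumptions about the Conductor definition format rather than text from this post. It is a review aid only; upgrading and running Nashorn with `--no-java` remain the actual fix.

```python
"""Added example (not Conductor's code): flag INLINE tasks whose JavaScript
reaches into the JVM. Field names follow the Conductor workflow-definition
format as assumed here (tasks[].type, inputParameters.expression, ...)."""
import json
import re

# Indicators that a Nashorn script crosses from JavaScript into Java:
# Java.type()/Java.extend(), the Packages global, or a dotted java.* path.
# This list is an assumption for the demo, not something Conductor ships.
JAVA_REACH = re.compile(
    r"\bJava\.(?:type|extend)\s*\("
    r"|\bPackages\."
    r"|\bjava\.[a-z]+(?:\.[A-Za-z_]\w*)+"
)


def iter_tasks(tasks):
    """Yield every task, descending into FORK_JOIN and DECISION/SWITCH branches."""
    for task in tasks:
        yield task
        for branch in task.get("forkTasks", []):      # list of task lists
            yield from iter_tasks(branch)
        for branch in task.get("decisionCases", {}).values():
            yield from iter_tasks(branch)
        yield from iter_tasks(task.get("defaultCase", []))


def find_java_reach(workflow):
    """Return one finding per INLINE task whose expression matches JAVA_REACH."""
    findings = []
    for task in iter_tasks(workflow.get("tasks", [])):
        if task.get("type") != "INLINE":
            continue
        params = task.get("inputParameters") or {}
        expression = params.get("expression")
        if not isinstance(expression, str):
            continue
        hit = JAVA_REACH.search(expression)
        if hit:
            findings.append({
                "task": task.get("taskReferenceName") or task.get("name"),
                "evaluator": params.get("evaluatorType"),
                "match": hit.group(0),
            })
    return findings


# Constructed sample workflow: one honest arithmetic task, one task that pulls
# in a Java class via Java.type(), and one nested in a fork that uses a bare
# java.* package path (so a grep for "Java.type" alone would miss it).
SAMPLE_WORKFLOW = json.loads(r'''
{
  "name": "order_pipeline",
  "version": 1,
  "tasks": [
    {
      "name": "inline_task", "taskReferenceName": "double_it", "type": "INLINE",
      "inputParameters": {
        "value": "${workflow.input.amount}",
        "evaluatorType": "javascript",
        "expression": "function double(v) { return v * 2; } double($.value);"
      }
    },
    {
      "name": "inline_task", "taskReferenceName": "read_jvm_prop", "type": "INLINE",
      "inputParameters": {
        "evaluatorType": "javascript",
        "expression": "var S = Java.type('java.lang.System'); S.getProperty('java.version');"
      }
    },
    {
      "name": "fork", "taskReferenceName": "fork_ref", "type": "FORK_JOIN",
      "forkTasks": [[
        {
          "name": "inline_task", "taskReferenceName": "nested_pkg_access", "type": "INLINE",
          "inputParameters": {
            "evaluatorType": "javascript",
            "expression": "java.lang.Thread.currentThread().getName();"
          }
        }
      ]]
    }
  ]
}
''')


def scan_sample():
    """Run the scanner over the constructed workflow and return its findings."""
    return find_java_reach(SAMPLE_WORKFLOW)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"{f['task']}: evaluator={f['evaluator']} reaches Java via {f['match']!r}")
```

The benign `double_it` task produces no finding, while both JVM-reaching tasks are reported, including the one buried inside the fork branch. Because the match is a regular expression over source text, it is a screening signal for review, not proof of safety: a script could build the same access dynamically, which is exactly why the engine-level `--no-java` setting is the control to rely on.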