Last Week in AppSec for 15. July 2025
ID: 114a11c9-5c33-5673-aa2b-207847a0241b
STIX ID: report--114a11c9-5c33-5673-aa2b-207847a0241b
Feed Name: Checkmarx Zero
This AppSec roundup highlights two significant vulnerabilities. Helm (CVE-2025-53547) has a high-severity code injection flaw: a symlinked Chart.lock combined with a crafted Chart.yaml can write arbitrary content to an executable, with potential for privilege escalation or lateral movement. Conductor OSS (CVE-2025-26074) has a remote code execution flaw in which inline JavaScript can call Java classes; mitigate by upgrading to v3.21.13 or by running Nashorn with --no-java.
