CVE-2025-62157

HIGH EPSS 35.3%
Published Oct 14, 20258mo ago · Modified Jun 17, 20261w ago
8.5 CVSS 4.0
High
Find Similar
Published Oct 14, 2025 8mo ago
Last Modified Jun 17, 2026 1w ago

Description

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissions to read pod logs in a namespace running Argo Workflows can read the workflow-controller logs and obtain credentials to the artifact repository. Update to versions 3.6.12 or 3.7.3 to remediate the vulnerability. No known workarounds exist.

CVSS Details

Base Score
8.5
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
35.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-522

Affected Products 2

VendorProductVersionRange
argoprojargo_workflows* <3.6.12
argoprojargo_workflows*≥3.7.0  –  <3.7.3

References 3

  • github.com https://github.com/argoproj/argo-workflows/commit/18ad5138b6bcb2aba04e00b4ec657bc6b8fad8df
    Patch
  • github.com https://github.com/argoproj/argo-workflows/commit/bded09fe4abd37cb98d7fc81b4c14a6f5034e9ab
    Patch
  • github.com https://github.com/argoproj/argo-workflows/security/advisories/GHSA-c2hv-4pfj-mm2r
    Vendor Advisory

Remediation

  • github.com https://github.com/argoproj/argo-workflows/commit/18ad5138b6bcb2aba04e00b4ec657bc6b8fad8df
    Patch
  • github.com https://github.com/argoproj/argo-workflows/commit/bded09fe4abd37cb98d7fc81b4c14a6f5034e9ab
    Patch