PT-2025-36094 · Argo Cd · Argo Cd

Ntammineni5 · Published 2025-09-04 · Updated 2026-05-18 · CVE-2025-55190

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Argo CD versions 2.13.0 through 2.13.8
Argo CD versions 2.14.0 through 2.14.15
Argo CD versions 3.0.0 through 3.0.12
Argo CD version 3.1.0-rc1 through 3.1.1

Description

Argo CD, a declarative GitOps continuous delivery tool for Kubernetes, contains a flaw where API tokens with project-level permissions can retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token lacks explicit access to secrets. This vulnerability affects any token with project 'get' permissions, including global permissions such as "p, role/user, projects, get, *, allow". Approximately 488,000+ services and 89,000+ results are found to be using Argo CD.

Recommendations

Argo CD versions prior to 2.13.9
Argo CD versions prior to 2.14.16
Argo CD versions prior to 3.0.14
Argo CD versions prior to 3.1.2
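
A triage helper for this advisory, added here as an example and not taken from the advisory or the Argo CD project: it flags versions below the fixed releases listed under Recommendations and lists RBAC rules that allow 'get' on projects, like the policy line quoted in the Description. It assumes the six-field policy.csv rule layout and glob matching of resource and action; the function names and the sample policy are constructed for illustration.

```python
import csv
import fnmatch
import io
import re

# Fixed patch release per branch, taken from the Recommendations list above.
FIXED = {(2, 13): 9, (2, 14): 16, (3, 0): 14, (3, 1): 2}

def needs_upgrade(version):
    """True/False for branches the advisory lists; None for branches it does not."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return None  # branch not covered by this advisory's lists
    # Pre-releases such as 3.1.0-rc1 compare by their numeric part only.
    return patch < fixed_patch

def project_get_grants(policy_csv):
    """Return (subject, object) for allow rules that grant 'get' on projects."""
    grants = []
    for row in csv.reader(io.StringIO(policy_csv), skipinitialspace=True):
        fields = [f.strip() for f in row]
        if len(fields) != 6 or fields[0] != "p":
            continue  # skip comments, blank lines and 'g' group bindings
        _, subject, resource, action, obj, effect = fields
        # Assumption: resource and action are glob patterns, so '*' also matches.
        if (effect == "allow"
                and fnmatch.fnmatchcase("projects", resource)
                and fnmatch.fnmatchcase("get", action)):
            grants.append((subject, obj))
    return grants

# Constructed sample policy; only the first rule appears in the advisory text.
SAMPLE_POLICY = """\
# constructed sample
p, role/user, projects, get, *, allow
p, role/ci, applications, sync, team-a/*, allow
p, role/admin, *, *, *, allow
p, role/viewer, projects, get, team-b, deny
g, alice, role/user
"""

if __name__ == "__main__":
    for v in ("2.13.8", "2.14.16", "3.1.0-rc1", "2.12.0"):
        print(v, needs_upgrade(v))
    for subject, obj in project_get_grants(SAMPLE_POLICY):
        print("review tokens for", subject, "on projects:", obj)
```

Tokens issued to the subjects it reports are the ones to review and rotate first on an unpatched instance.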

Exploit

Fix

RCE

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2025-14350
BIT-ARGO-CD-2025-55190
CVE-2025-55190
GHSA-786Q-9HCG-V9FF
GO-2025-3934
OPENSUSE-SU-2025:15538-1
SUSE-SU-2025:03289-1

Affected Products

Argo Cd