PT-2025-41938 · Unknown · Argo Workflows

Published: 2025-04-22 · Updated: 2026-05-18 · CVE-2025-62157

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Argo Workflows versions prior to 3.6.12
Argo Workflows versions 3.7.0 through 3.7.2

Description

Argo Workflows is a container-native workflow engine for Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext within the workflow-controller pod logs. An attacker with access to read pod logs in a namespace running Argo Workflows can potentially obtain these credentials.

Recommendations

Update to version 3.6.12 or 3.7.3.

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2025-12969
BIT-ARGO-WORKFLOWS-2025-62157
CLEANSTART-2026-BY71381
CLEANSTART-2026-CV28298
CLEANSTART-2026-DS30740
CLEANSTART-2026-DV04077
CLEANSTART-2026-FQ05951
CLEANSTART-2026-FX27781
CLEANSTART-2026-HK06185
CLEANSTART-2026-JQ02410
CLEANSTART-2026-LS30652
CLEANSTART-2026-MK40719
CLEANSTART-2026-OD47693
CLEANSTART-2026-PK69606
CLEANSTART-2026-PS30901
CLEANSTART-2026-QM19832
CLEANSTART-2026-RU00721
CLEANSTART-2026-SO95938
CLEANSTART-2026-WA03785
CLEANSTART-2026-WK88787
CLEANSTART-2026-WP20592
CLEANSTART-2026-XR17407
CLEANSTART-2026-ZM51114
CVE-2025-62157
GHSA-C2HV-4PFJ-MM2R
GO-2025-4024
OPENSUSE-SU-2025:15710-1

Affected Products

Argo Workflows