CVE-2025-66626

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Argo Workflows versions 3.6.13 and below Argo Workflows versions 3.7.0 through 3.7.4

Description Argo Workflows, a container-native workflow engine for Kubernetes, has an issue with unsafe untar code that improperly handles symbolic links within archives. A flaw exists in how a link's target is calculated and checked. This allows an attacker to overwrite the file /var/run/argo/argoexec with a malicious script, which would then be executed when the pod starts. The previously deployed patch is ineffective against archives containing malicious symbolic links.

Recommendations Update to Argo Workflows version 3.6.14 or later. Update to Argo Workflows version 3.7.5 or later.

Exploit

Fix

RCE

Path traversal

Relative Path Traversal

Link Following

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-23CWE-59CWE-78

Related Identifiers

BIT-ARGO-WORKFLOWS-2025-66626

CVE-2025-66626

GHSA-P84V-GXVW-73PF

GHSA-XRQC-7XGX-C9VH

GO-2025-4223

SUSE-SU-2026:0037-1

Affected Products

Argo Workflows

Kubernetes

CVE-2025-66626

Weakness Enumeration

Related Identifiers

Affected Products

References · 98