216.73.216.133

CVE-2025-62157

· Published 14/10/2025 15:16 · Modified 14/10/2025 19:36

Labels: CVE-2025-62157 2025-10-14CVE-2025-62157CWE-522[email protected]

Essential information

Published
14/10/2025 15:16
Modified
14/10/2025 19:36
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissions to read pod logs in a namespace running Argo Workflows can read the workflow-controller logs and obtain credentials to the artifact repository. Update to versions 3.6.12 or 3.7.3 to remediate the vulnerability. No known workarounds exist.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
argoproj / argo workflows cpe:2.3:a:argoproj:argo_workflows:<3.6.12:*:*:*:*:*:*:*
argoproj / argo workflows cpe:2.3:a:argoproj:argo_workflows:3.7.0-3.7.2:*:*:*:*:*:*:*

References