Denial of Service Vulnerability in Argo CD by Argo Project
CVE-2025-59537

7.5HIGH

Key Information:

Vendor: Argoproj
Status: Argo-cd
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-59537?

Argo CD, a GitOps continuous delivery tool for Kubernetes, is susceptible to malicious API requests that can inadvertently crash the API server, resulting in denial of service for legitimate users. This issue arises particularly when the default configuration is employed without a specified webhook secret. Specifically, when the /api/webhook endpoint receives a Gogs push event where the JSON field for commits[].repo is absent or null, it compromises the stability of the argocd-server process. Users are advised to upgrade to versions 2.14.20, 3.2.0-rc2, 3.1.8, and 3.0.19 to mitigate this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

argo-cd >= 1.2.0, <= 1.8.7 <= 1.2.0, 1.8.7

argo-cd >= 2.0.0-rc1, < 2.14.20 < 2.0.0-rc1, 2.14.20

argo-cd >= 3.2.0-rc1, < 3.2.0-rc2 < 3.2.0-rc1, 3.2.0-rc2

References

https://github.com/argoproj/argo-cd/security/advisories/G...

x_refsource_CONFIRM

https://github.com/argoproj/argo-cd/commit/761fc27068d2d4...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Sep 17, 2025

JSON

Argoproj

What is CVE-2025-59537?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.