Zip Slip Path Traversal in Argo Workflows by Argo Project
CVE-2025-62156

8.1HIGH

Key Information:

Vendor

Argoproj

Status
Argo-workflows
Vendor
CVE Published:
14 October 2025

What is CVE-2025-62156?

Argo Workflows contains a Zip Slip path traversal vulnerability during artifact extraction, allowing malicious users to manipulate archive entries to write files outside the designated extraction path. This could lead to unauthorized modifications of critical system files (such as /etc/passwd) within the container environment, posing significant security risks. It is crucial to upgrade to versions 3.6.12 or 3.7.3 to mitigate this vulnerability and secure your Kubernetes deployments.

Affected Version(s)

argo-workflows < 3.6.12 < 3.6.12

argo-workflows >= 3.7.0, < 3.7.3 < 3.7.0, 3.7.3

References

https://github.com/argoproj/argo-workflows/security/advis...
x_refsource_CONFIRM
https://github.com/argoproj/argo-workflows/commit/5659ad9...
x_refsource_MISC
https://github.com/argoproj/argo-workflows/commit/9f6bc5d...
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.