Artifact Repository Credentials Exposure in Argo Workflows by Argo Project
CVE-2025-62157

8.5 HIGH

Key Information:

Vendor: Argoproj

CVE Published: 14 October 2025

What is CVE-2025-62157?

Argo Workflows, an open source workflow engine for container orchestration on Kubernetes, has a vulnerability that writes artifact repository credentials in plaintext to the pod logs of the workflow-controller. The issue affects versions prior to 3.6.12 and versions 3.7.0 through 3.7.2. Anyone with access to those pod logs can read the credentials, potentially leading to unauthorized access to sensitive artifact repositories. To address the vulnerability, upgrade to Argo Workflows 3.6.12 (3.6 line) or 3.7.3 (3.7 line). There are currently no workarounds available.

Affected Version(s)

argo-workflows >= 3.7.0, < 3.7.3

argo-workflows < 3.6.12

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
