CVE-2025-59537

High CVSS: 7.5

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. With the default configuration, no webhook.gogs.secret set, Argo CD’s /api/webhook endpoint will crash the entire argocd-server process when it receives a Gogs push event whose JSON field commits[].repo is not set or is null. This issue is fixed in versions 2.14.20, 3.2.0-rc2, 3.1.8 and 3.0.19.

Vendor

Argoproj

Product

Argo Cd

CWE

CWE-20

Yayın Tarihi

2025-10-01 21:16:43

Güncelleme

2025-10-07 14:34:45

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Argo Cd HIGH Argoproj 2025

Referanslar

https://github.com/argoproj/argo-cd/commit/761fc27068d2d4cd24e1f784eb2a9033b5ee7f43 https://github.com/argoproj/argo-cd/security/advisories/GHSA-wp4p-9pxh-cgx2 https://github.com/argoproj/argo-cd/security/advisories/GHSA-wp4p-9pxh-cgx2

Benzer Kayıtlar

High

CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.…

Critical

CVE-2026-28229

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior t…

High

CVE-2026-23960

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior t…

High

CVE-2025-66626

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Version…

High

CVE-2025-62156

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Version…

High

CVE-2025-62157

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Wo…