CVE-2025-47933

Published May 29, 2025

Last updated 2 months ago

Overview

Description
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Because URL protocols are improperly filtered on the repository page, an attacker with permission to edit the repository can achieve cross-site scripting. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security-advisories@github.com: CWE-79

Social media

Hype score: Not currently trending

  1. Using ArgoCD? Are you patched for critical CVE-2025-47933? https://t.co/gWxLyWHkAV https://t.co/vSPl08Bkf4

    @SirajD_Official

    9 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Using ArgoCD? Are you patched for critical CVE-2025-47933? https://t.co/KlP6SkMgYf https://t.co/4LJJ5Ka6DT

    @dsimelka

    5 Jun 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Using ArgoCD? Are you patched for critical CVE-2025-47933? https://t.co/ufbetlOGPx https://t.co/OK06Y8aAgX

    @VitoFMazzotta

    4 Jun 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Using ArgoCD? Are you patched for critical CVE-2025-47933? https://t.co/eRozOp6ERD https://t.co/Up5bVWlkR3

    @cchilderhose

    3 Jun 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Using ArgoCD? Are you patched for critical CVE-2025-47933? https://t.co/E55xkYDhaN https://t.co/t6UmFydooS

    @iVarunVerma

    3 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Using ArgoCD? Are you patched for critical CVE-2025-47933? https://t.co/G2rIDpaTVB https://t.co/bq81L0G6md

    @butch7903

    3 Jun 2025

    91 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Using ArgoCD? Are you patched for critical CVE-2025-47933? https://t.co/zN42bHWlGl https://t.co/rARwr9Ixla

    @DonBarrett79785

    3 Jun 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Warning: Critical XSS vulnerability in @argo_cd #ArgoCD. CVE-2025-47933 with a CVSS score of 9.0 allows authenticated attackers to create, modify, or delete Kubernetes resources. Act immediately to secure your systems. Details: https://t.co/lJiZhmJzo4 #Kubernetes #Patch

    @CCBalert

    2 Jun 2025

    278 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 CVE-2025-47933 ⚠️🔴 CRITICAL (9.1) 🏢 argoproj - argo-cd 🗝️ >= 1.2.0-rc1, <= 1.8.7 🔗 https://t.co/W3tRUW1fqX 🔗 https://t.co/pAxFvsFUWY #CyberCron #VulnAlert #InfoSec https://t.co/4cAhGWCQcI

    @cybercronai

    30 May 2025

    31 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. A critical XSS vulnerability (CVE-2025-47933) in Argo CD allows full Kubernetes resource control and cross-site scripting due to improper URL protocol validation. Patches are now available. 🚨 #ArgoCD #Kubernetes #USA https://t.co/93IUzr8t5K

    @TweetThreatNews

    30 May 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-47933 Cross-Site Scripting in Argo CD via Unfiltered URL Protocols Before 3.0.4 https://t.co/1YPyBVZRvr

    @VulmonFeeds

    29 May 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. [CVE-2025-47933: CRITICAL] Cybersecurity alert! Argo CD, a GitOps tool for Kubernetes, had a vulnerability allowing attackers to perform actions via API. Patched in versions 2.13.8, 2.14.13, 3.0.4.#cve,CVE-2025-47933,#cybersecurity https://t.co/WnsRTKgm9C https://t.co/5pmz3C95Wx

    @CveFindCom

    29 May 2025

    61 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-47933 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on b… https://t.co/JovPeTuvBJ

    @CVEnew

    29 May 2025

    359 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 CVE-2025-47933 in Argo CD is a critical XSS vulnerability risking users with edit permissions. Update now to protect your Kubernetes resources. 🔧 Read more: https://t.co/B4BenakCGi #ArgoCD #XSS #CyberSecurity #Vulert #PatchNow 🛡️ https://t.co/Vb4ybmMw8D

    @vulert_official

    29 May 2025

    55 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes