CVE-2025-55190

Published Sep 4, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-55190 is a vulnerability affecting Argo CD, a GitOps continuous delivery tool for Kubernetes. The vulnerability resides in versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12, and 3.1.0-rc1 through 3.1.1. The vulnerability allows API tokens with project-level permissions to retrieve sensitive repository credentials, such as usernames and passwords, through the project details API endpoint. This occurs even when the token only has standard application management permissions and no explicit access to secrets. The issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2.

Description
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: `p, role/user, projects, get, *, allow`. This issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2.
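An exposure check based on the description above, as an added example that is not from the advisory or from Argo CD's code: it tests a version string against the listed affected ranges and lists RBAC policy rules that grant `get` on `projects`. The function names and the sample policy are constructed for illustration, and glob-style matching of the resource and action fields is an assumption.

```python
import fnmatch
import re

# Affected ranges exactly as listed in the description (inclusive bounds).
# 3.1.0-rc1 is treated as 3.1.0: pre-release suffixes are ignored here.
AFFECTED = [((2, 13, 0), (2, 13, 8)), ((2, 14, 0), (2, 14, 15)),
            ((3, 0, 0), (3, 0, 12)), ((3, 1, 0), (3, 1, 1))]

def is_affected(version):
    """True if an Argo CD version string falls in a listed affected range."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def project_get_grants(policy_csv):
    """Return (subject, object) for every allow rule covering projects/get."""
    grants = []
    for line in policy_csv.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 6 or fields[0] != "p":
            continue  # skip blank lines, comments and group ("g") lines
        _, subject, resource, action, obj, effect = fields
        # Assumption: resource and action patterns are glob-matched.
        if (effect == "allow"
                and fnmatch.fnmatchcase("projects", resource)
                and fnmatch.fnmatchcase("get", action)):
            grants.append((subject, obj))
    return grants

# Constructed sample policy; the second rule is the one quoted above.
SAMPLE_POLICY = """\
p, role:deployer, applications, sync, team-a/*, allow
p, role/user, projects, get, *, allow
p, role:ops, *, *, *, allow
p, role:viewer, projects, get, team-b, deny
g, alice, role:deployer
"""

if __name__ == "__main__":
    for ver in ("v2.14.15", "3.0.14", "3.1.0-rc1"):
        print(ver, "affected" if is_affected(ver) else "not in listed ranges")
    for subject, obj in project_get_grants(SAMPLE_POLICY):
        print(f"{subject} can read project details for {obj}")
```

On an affected version, every subject this reports holds a permission that the description says is enough to retrieve repository credentials, so those tokens are the ones to review after upgrading.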
Source
security-advisories@github.com
NVD status
Analyzed
Products
argo_cd

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.9
Impact score
6
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-200

Social media

Hype score
Not currently trending
  1. #VulnerabilityReport Argo CD Patches Critical CVSS 10 Vulnerability Exposing Repository Credentials (CVE-2025-55190) https://t.co/XMCpOpyhKJ

    @Komodosec

    12 Oct 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Tech Pulse Sept 2025: AWS revenue soars to $30.9B but margins tighten, Google Gemini safety concerns for minors, critical Argo CD flaw (CVE-2025-55190), MindsEye game recovery, & AI-driven cyberattacks on healthcare. Key insights for tech leaders—stay ahead of risks & t

    @cageyvdev

    22 Sept 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. A critical 9.8 CVSS flaw in Argo CD (CVE-2025-55190) exposes GitOps repo credentials via project API tokens, requiring immediate patching of versions 2.2.0-rc1+. Exploits need minimal permissions and no user action. #ArgoCD #GitOps #USA https://t.co/CUVkHVGNOR

    @TweetThreatNews

    8 Sept 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-55190: CRITICAL] 🛡️ Update Alert 🚨 Argo CD version 2.13.0 - 3.1.1 is vulnerable to API tokens extracting sensitive credentials. Update to versions 2.13.9, 2.14.16, 3.0.14, or 3.1.2 to fix this issue.#cve,CVE-2025-55190,#cybersecurity https://t.co/vHBSdfrYVe

    @CveFindCom

    8 Sept 2025

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Critical Vulnerabilities Alert 🚨 - Patch Zabbix RCE ASAP to block exploits. - CVE-2025-55190: Argo CD flaw risking Git credentials. 🔍 Stay sharp! Timely updates are crucial to curb these threats. #Cybersecurity

    @K3YPTlC

    8 Sept 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Exploring cybersecurity: A critical RCE vulnerability in Zabbix calls for immediate action. Defend against the Argo CD Breach (CVE-2025-55190) exposing Git repo credentials. Secure your systems before it's too late.

    @K3YPTlC

    7 Sept 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. 🚨🚨CVE-2025-55190 (CVSS: 10): Argo CD Credential Exposure Vulnerability Project API tokens can leak sensitive repository credentials (usernames, passwords) via the project details API, even without explicit secret access. Search by vul.cve Filter👉vul.cve="CVE-2025-55190"

    @zoomeye_team

    6 Sept 2025

    591 Impressions

    0 Retweets

    2 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨🚨CVE-2025-55190 (CVSS: 10): Argo CD Credential Exposure Vulnerability Project API tokens can leak sensitive repository credentials (usernames, passwords) via the project details API, even without explicit secret access. Search by vul.cve Filter👉vul.cve="CVE-2025-55190"

    @zoomeye_team

    6 Sept 2025

    106 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 📡 Zabbix releases a patch for RCE vulnerability. Secure ASAP! 🔐 Argo CD's CVE-2025-55190 leaks Git credentials—act now! 🖥️ Windows driver bug grants access—update drivers! 🌐 CVE-2025-56752 impacts Ruijie—patch up!

    @K3YPTlC

    6 Sept 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. 🚨Alert🚨CVE-2025-55190(CVSS: 10.0):Sensitive Repository Credential Disclosure in Argo CD Across Multiple Versions 🧐Detail :https://t.co/07OSiS0TWR 📊488K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/LsJpakN5Ke 👇Query HUNTER

    @HunterMapping

    5 Sept 2025

    2641 Impressions

    11 Retweets

    31 Likes

    19 Bookmarks

    0 Replies

    0 Quotes

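  11. Argo CD fixes a vulnerability with a CVSS score of 10. CVE-2025-55190 allows an API token with project-level permissions to also retrieve sensitive information that has not been explicitly permitted. Fixed versions are available. https://t.co/1iZ5Du24W0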

    @__kokumoto

    5 Sept 2025

    1065 Impressions

    2 Retweets

    6 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

Configurations