Argo CD API vulnerability exposes repository credentials
Summary
A critical vulnerability in Argo CD, tracked as CVE-2025-55190, allows API tokens with low-level project permissions to access and retrieve all repository credentials associated with a project. This flaw impacts all versions of Argo CD up to 2.13.0 and poses a significant risk to organizations using the tool for continuous deployment and GitOps. Argo CD is used by major enterprises, including Adobe, Google, IBM, and Capital One, for handling large-scale, mission-critical deployments. The vulnerability can lead to unauthorized access to private codebases, malicious code injection, and potential supply chain attacks. The flaw bypasses isolation mechanisms designed to protect sensitive information, enabling attackers to clone private repositories, inject malicious manifests, or pivot to other resources where the same credentials are reused.
Timeline
- 05.09.2025 18:30 (1 article)
Argo CD API vulnerability allows low-privileged access to repository credentials
- Source: Max severity Argo CD API flaw leaks repository credentials, www.bleepingcomputer.com, 05.09.2025 18:30
Information Snippets
- The vulnerability, CVE-2025-55190, affects all versions of Argo CD up to 2.13.0. (First reported: 05.09.2025 18:30; 1 source, 1 article)
  Source: Max severity Argo CD API flaw leaks repository credentials, www.bleepingcomputer.com, 05.09.2025 18:30
- API tokens with project-level get permissions can retrieve sensitive repository credentials. (First reported: 05.09.2025 18:30; 1 source, 1 article)
- The flaw allows attackers to bypass isolation mechanisms protecting sensitive credential information. (First reported: 05.09.2025 18:30; 1 source, 1 article)
- Exploiting the vulnerability requires a valid Argo CD API token, limiting exposure to authenticated users. (First reported: 05.09.2025 18:30; 1 source, 1 article)
- The vulnerability can lead to unauthorized access to private codebases, malicious code injection, and potential supply chain attacks. (First reported: 05.09.2025 18:30; 1 source, 1 article)
- Argo CD is used by major enterprises, including Adobe, Google, IBM, and Capital One, for handling large-scale, mission-critical deployments. (First reported: 05.09.2025 18:30; 1 source, 1 article)
Similar Happenings
Malicious PyPI and npm Packages Exploit Dependencies in Supply Chain Attacks
Cybersecurity researchers have identified malicious packages in the Python Package Index (PyPI) and npm repositories that exploit dependencies to execute supply chain attacks. The PyPI package termncolor, with 355 downloads, and its dependency colorinal, with 529 downloads, were found to perform DLL side-loading to achieve persistence and remote code execution. The malware can infect both Windows and Linux systems. Additionally, npm packages were discovered to harvest sensitive data, including iCloud Keychain, web browser, and cryptocurrency wallet information. The attacks highlight the risks associated with automated dependency upgrades and the importance of monitoring open-source ecosystems for potential threats.

In a recent supply chain attack, attackers injected malware into npm packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. The attack impacted roughly 10% of all cloud environments. The malware operates by injecting itself into the web browser, monitoring cryptocurrency transactions, and redirecting them to attacker-controlled wallet addresses. The compromised packages include debug, chalk, and ansi-styles, among others. The impact of the attack is limited to fresh installs between ~9 AM and ~11.30 AM ET on September 8, 2025, when the packages were compromised. This attack follows a series of similar incidents targeting JavaScript libraries, highlighting the ongoing threat to the open-source ecosystem.