
Argo CD API vulnerability exposes repository credentials


Summary


A critical vulnerability in Argo CD, tracked as CVE-2025-55190, allows API tokens with low-level project permissions to access and retrieve all repository credentials associated with a project. This flaw impacts all versions of Argo CD up to 2.13.0 and poses a significant risk to organizations using the tool for continuous deployment and GitOps. Argo CD is used by major enterprises, including Adobe, Google, IBM, and Capital One, for handling large-scale, mission-critical deployments. The vulnerability can lead to unauthorized access to private codebases, malicious code injection, and potential supply chain attacks. The flaw bypasses isolation mechanisms designed to protect sensitive information, enabling attackers to clone private repositories, inject malicious manifests, or pivot to other resources where the same credentials are reused.

Timeline

  1. 05.09.2025 18:30

    Argo CD API vulnerability allows low-privileged access to repository credentials


Information Snippets

  • The vulnerability, CVE-2025-55190, affects all versions of Argo CD up to 2.13.0.
  • API tokens with project-level get permissions can retrieve sensitive repository credentials.
  • The flaw allows attackers to bypass isolation mechanisms protecting sensitive credential information.
  • Exploiting the vulnerability requires a valid Argo CD API token, limiting exposure to authenticated users.
  • The vulnerability can lead to unauthorized access to private codebases, malicious code injection, and potential supply chain attacks.
  • Argo CD is used by major enterprises, including Adobe, Google, IBM, and Capital One, for handling large-scale, mission-critical deployments.
