Argo CD API vulnerability leaks repository credentials
Summary
A critical vulnerability in Argo CD (CVE-2025-55190) allows API tokens with project-level get permissions to access and retrieve all repository credentials associated with the project. This flaw affects all versions of Argo CD up to 2.13.0 and can lead to unauthorized access to private codebases, malicious code injection, and potential downstream compromises. The vulnerability is rated with the maximum severity score of 10.0 in CVSS v3. It impacts numerous organizations, including large enterprises that use Argo CD for mission-critical deployments.
Timeline
- 05.09.2025 18:30 (1 article): Argo CD API vulnerability leaks repository credentials
- Source: Max severity Argo CD API flaw leaks repository credentials - www.bleepingcomputer.com - 05.09.2025 18:30
Information Snippets
- The vulnerability (CVE-2025-55190) allows API tokens with project-level get permissions to access sensitive repository credentials.
  First reported: 05.09.2025 18:30 (1 source, 1 article)
- The flaw affects all versions of Argo CD up to 2.13.0.
  First reported: 05.09.2025 18:30 (1 source, 1 article)
- Exploitation requires a valid Argo CD API token, limiting the attack to authenticated users.
  First reported: 05.09.2025 18:30 (1 source, 1 article)
- The vulnerability can lead to code theft, extortion, and supply chain attacks.
  First reported: 05.09.2025 18:30 (1 source, 1 article)
- The flaw bypasses isolation mechanisms designed to protect sensitive credential information.
  First reported: 05.09.2025 18:30 (1 source, 1 article)
- Argo CD is used by major enterprises such as Adobe, Google, IBM, Intuit, Red Hat, Capital One, and BlackRock.
  First reported: 05.09.2025 18:30 (1 source, 1 article)