CVE-2025-23216
published 2025-01-30


Priority: P4 (34)
CVSS 3.1: 6.8 (medium)
Vector: AV:N / AC:L / PR:H / UI:N / S:C / C:H / I:N / A:N
EPSS: 0.46% (36.4th percentile)
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and in the diff view when an invalid Kubernetes Secret resource was synced from a repository. Exploitation assumes the user has write access to the repository; it can be triggered, intentionally or unintentionally, by committing an invalid Secret to the repository and triggering a Sync. Once triggered, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13.

Affected

10 ranges

Vendor     | Product             | Version range          | Fixed in
-----------|---------------------|------------------------|---------
argoproj   | argo-cd             | < 2.11.13              | 2.11.13
argoproj   | argo-cd             |                        |
argoproj   | argo-cd             |                        |
argoproj   | argo_cd             | < 2.11.13              | 2.11.13
argoproj   | argo_cd             | >= 2.12.0, < 2.12.10   | 2.12.10
argoproj   | argo_cd             | >= 2.13.0, < 2.13.4    | 2.13.4
github.com | argoproj_argo-cd    | 0 – 1.8.7              |
github.com | argoproj_argo-cd_v2 | >= 0, < 2.11.13        | 2.11.13
github.com | argoproj_argo-cd_v2 | >= 2.12.0, < 2.12.10   | 2.12.10
github.com | argoproj_argo-cd_v2 | >= 2.13.0, < 2.13.4    | 2.13.4

CVSS provenance

Source        | CVSS version | Score | Severity | Vector
--------------|--------------|-------|----------|-------------------------------------------------
nvd           | v3.1         | 6.8   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
vendor_redhat |              | 6.8   | MEDIUM   |