CVE-2025-47933
published 2025-05-29

Priority: P4 28
Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.41% (32.8th percentile)
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve cross-site scripting with permission to edit the repository. This issue has been patched in versions 2.13.8, 2.14.13, and 3.0.4.

Affected

13 ranges

Vendor       Product               Version range             Fixed in
argoproj     argo-cd               -                         -
argoproj     argo-cd               -                         -
argoproj     argo-cd               -                         -
argoproj     argo-cd               -                         -
argoproj     argo_cd               -                         -
argoproj     argo_cd               >= 1.2.1 < 2.13.8         2.13.8
argoproj     argo_cd               >= 2.14.0 < 2.14.13       2.14.13
argoproj     argo_cd               >= 3.0.0 < 3.0.4          3.0.4
github.com   argoproj_argo-cd      1.2.0-rc1 – 1.8.7         -
github.com   argoproj_argo-cd      >= 1.2.0-rc1              -
github.com   argoproj_argo-cd_v2   >= 2.0.0-rc3 < 2.13.8     2.13.8
github.com   argoproj_argo-cd_v2   >= 2.14.0-rc1 < 2.14.13   2.14.13
github.com   argoproj_argo-cd_v3   >= 0 < 3.0.4              3.0.4

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      5.4     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_redhat   -         9.0     CRITICAL   -