VYPR
High severityNVD Advisory· Published Oct 14, 2025· Updated Oct 14, 2025

Argo Workflows exposes artifact repository credentials in workflow-controller logs

CVE-2025-62157

Description

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 expose artifact repository credentials in plaintext in workflow-controller pod logs. An attacker with permissions to read pod logs in a namespace running Argo Workflows can read the workflow-controller logs and obtain credentials to the artifact repository. Update to versions 3.6.12 or 3.7.3 to remediate the vulnerability. No known workarounds exist.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/argoproj/argo-workflows/v3Go
>= 3.7.0, < 3.7.33.7.3
github.com/argoproj/argo-workflows/v3Go
< 3.6.123.6.12

Affected products

68

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.