A critical security flaw (CVE-2025-55190) in Argo CD allows attackers to access sensitive repository credentials through project API tokens, risking widespread compromise. Immediate patches have been released for affected versions, emphasizing the importance of timely updates and credential management. #ArgoCD #CVE-2025-55190
Key points
- The vulnerability affects Argo CD versions from 2.2.0-rc1 onwards and has a CVSS score of 9.8.
- Attackers can retrieve plaintext repository credentials via the project API endpoint using tokens with minimal permissions.
- The flaw can be exploited without user interaction, with low attack complexity and only low privileges required.
- Impacted credentials include usernames and passwords for Helm chart repositories, which can lead to supply chain attacks.
- Users should upgrade affected versions immediately, rotate credentials, and review API token permissions to mitigate risks.
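The last mitigation step, reviewing project API tokens and rotating them after the upgrade, is the one that is easy to skip. Below is an added example (written for this summary, not code from the article or from the Argo CD project) that inventories every project-scoped token declared in an AppProject and pairs each with the reason it should be revoked and re-issued. It assumes the AppProject JSON shape returned by `kubectl get appproject <name> -o json` (`spec.roles[].jwtTokens` and `status.jwtTokensByRole`), and it assumes the CLI form `argocd proj role delete-token PROJECT ROLE ISSUED-AT` for the generated revocation commands; the project name, role names, token ids and timestamps in the sample manifest are constructed for illustration.

```python
"""Inventory and rotation plan for Argo CD project-scoped API tokens.

Added example, not from the advisory or the Argo CD project. Since the flaw
was reachable with tokens holding minimal permissions, every token that
existed while a vulnerable version was running is treated as a rotation
candidate; the extra reasons are the ordinary hygiene findings a review
would surface anyway (no expiry, stale, or older than a policy limit).
"""
import json
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample AppProject; shape mirrors the JSON that kubectl/argocd
# return, but names, ids and timestamps are made up for this example.
SAMPLE_PROJECT = json.loads("""
{
  "metadata": {"name": "payments"},
  "spec": {
    "roles": [
      {"name": "ci-deployer",
       "policies": ["p, proj:payments:ci-deployer, applications, sync, payments/*, allow"],
       "jwtTokens": [{"iat": 1700000000, "id": "0b1e0f6c-ci"}]},
      {"name": "read-only",
       "policies": ["p, proj:payments:read-only, applications, get, payments/*, allow"],
       "jwtTokens": [{"iat": 1750000000, "exp": 1760000000, "id": "3f9a2d77-ro"}]}
    ]
  },
  "status": {
    "jwtTokensByRole": {
      "read-only": {"items": [
        {"iat": 1750000000, "exp": 1760000000, "id": "3f9a2d77-ro"},
        {"iat": 1755000000, "exp": 1790000000, "id": "8c21ab40-ro"}
      ]}
    }
  }
}
""")


@dataclass(frozen=True)
class ProjectToken:
    project: str
    role: str
    token_id: str
    issued_at: int
    expires_at: Optional[int]            # None: the token never expires
    policies: tuple = field(default_factory=tuple)


def collect_tokens(project: dict) -> list:
    """Merge spec.roles[].jwtTokens with status.jwtTokensByRole, deduplicated
    by (role, iat), so tokens declared in the manifest and tokens minted
    through the CLI/API are both covered."""
    name = project["metadata"]["name"]
    roles = {r["name"]: r for r in project.get("spec", {}).get("roles", [])}
    seen = {}

    def add(role_name: str, tok: dict) -> None:
        key = (role_name, int(tok["iat"]))
        if key in seen:
            return
        seen[key] = ProjectToken(
            project=name, role=role_name,
            token_id=tok.get("id", "<no id>"),
            issued_at=int(tok["iat"]),
            expires_at=int(tok["exp"]) if tok.get("exp") else None,
            policies=tuple(roles.get(role_name, {}).get("policies", [])),
        )

    for role_name, role in roles.items():
        for tok in role.get("jwtTokens") or []:
            add(role_name, tok)
    for role_name, entry in (project.get("status", {}).get("jwtTokensByRole") or {}).items():
        for tok in entry.get("items") or []:
            add(role_name, tok)
    return sorted(seen.values(), key=lambda t: (t.role, t.issued_at))


def rotation_plan(project: dict, now: int, max_age_days: int = 90) -> list:
    """Return (token, reason) pairs; every token is listed, with the most
    specific reason available."""
    plan = []
    for tok in collect_tokens(project):
        reasons = []
        if tok.expires_at is None:
            reasons.append("never expires")
        elif tok.expires_at <= now:
            reasons.append("already expired (delete the stale entry)")
        if now - tok.issued_at > max_age_days * 86400:
            reasons.append(f"older than {max_age_days} days")
        if not reasons:
            reasons.append("issued before patching; rotate as a precaution")
        plan.append((tok, "; ".join(reasons)))
    return plan


def revoke_commands(project: dict, now: int) -> list:
    """argocd CLI invocations for the plan (assumed form:
    argocd proj role delete-token PROJECT ROLE ISSUED-AT)."""
    return [f"argocd proj role delete-token {t.project} {t.role} {t.issued_at}"
            for t, _ in rotation_plan(project, now)]


if __name__ == "__main__":
    now = int(time.time())
    for tok, why in rotation_plan(SAMPLE_PROJECT, now):
        print(f"{tok.project}/{tok.role} id={tok.token_id} "
              f"iat={tok.issued_at} exp={tok.expires_at}: {why}")
    print("\n".join(revoke_commands(SAMPLE_PROJECT, now)))
```

Run it against the real manifest by replacing `SAMPLE_PROJECT` with the parsed output of `kubectl get appproject <name> -o json` for each project. The token plan covers only the API side of the fix: the Helm and other repository credentials that the flaw exposed still need to be rotated in their own secrets, and the upgrade itself must land before new tokens are issued, otherwise the replacements are exposed in the same way.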
Read More: https://thecyberexpress.com/critical-argo-cd-api-flaw-cve-2025-55190/