Summary: A critical vulnerability (CVE-2025-32445) in Argo Events, rated at the maximum CVSS score of 10, allows users to exploit EventSource and Sensor custom resources to gain privileged access to Kubernetes clusters. The issue poses severe risks, including a breakdown of tenant isolation and unauthorized access to sensitive data. A patch (v1.9.6) has been released, and users are urged to upgrade promptly.
Affected: Argo Events, Kubernetes
Key points:
- Vulnerability allows users to gain host system and cluster access through custom resources.
- Exploitation can lead to breaking tenant isolation and compromising security models.
- A patch (v1.9.6) has been released, limiting risky properties in the configuration.
Source: https://securityonline.info/critical-cve-2025-32445-vulnerability-in-argo-events-scores-cvss-10/