CVE-2025-55190

CRITICAL EXPLOITED NUCLEI

Argo CD 2.13.0-2.13.8 2.14.0-2.14.15 3.0.0-3.0.12 3.1.0-rc1-3.1.1 - Sensitive Info Exposure via API

Title source: llm

Exploitation Summary

CVE-2025-55190 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: `p, role/user, projects, get, *, allow`. This issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2.

Nuclei Templates (1)

ArgoCD Project API Token Repository Credentials Exposure

CRITICALVERIFIEDby nukunga[seunghyeonJeon]

Shodan: http.title:"argo cd"

References (2)

Core 2

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/argoproj/argo-cd/security/advisories/GHSA-786q-9hcg-v9ff

Patch x_refsource_misc

https://github.com/argoproj/argo-cd/commit/e8f86101f5378662ae6151ce5c3a76e9141900e8

View Patch ZIP pw:eip

Scores

CVSS v3 9.9

EPSS 0.0538

EPSS Percentile 90.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2025-11-18

CWE

CWE-200

Status published

Products (3)

argoproj/argo-cd 0 - 3.0.14Go

argoproj/argo-cd 2.13.0 - 2.13.9Go

argoproj/argo_cd 2.2.0 - 2.13.9

Published Sep 04, 2025

Tracked Since Feb 18, 2026