A critical Cross-Site Scripting (XSS) vulnerability has been disclosed in Argo CD, a popular GitOps continuous delivery tool for Kubernetes. Tracked as CVE-2025-47933, it stems from missing URL protocol (scheme) validation in the web UI's handling of repository links (ui/src/app/shared/components/urls.ts): an attacker who holds repository edit permissions can store a repository URL whose scheme is JavaScript rather than http, https or ssh, and the UI renders that value as a clickable link. When an administrator clicks the link, the injected script runs in the administrator's browser session and can perform any action that session is authorized for, including creating, modifying, and deleting Kubernetes resources. Affected versions run from 1.2.0-rc1 up to, but not including, the fixed releases v3.0.4, v2.14.13, and v2.13.8. The reported CVSS base score is 9.1 (Critical).
Source: https://cybersecuritynews.com/argo-cd-vulnerability/
TPRM report: https://www.rankiteo.com/company/argoproj
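The scheme check whose absence is described above, as an added example: this is not Argo CD's code, and the function names, the allow-listed scheme set and the sample URLs are this example's own assumptions. It contrasts the vulnerable pattern (repository URL copied straight into an href), a case-sensitive blocklist that browsers bypass, and an allow-list built on the WHATWG URL parser, which also rewrites ssh and git URLs to a canonical https link the way a UI would want to display them.

```javascript
// Added example (not Argo CD's own code): three ways to turn a repository URL
// stored through the repositories page into an href for an <a> element.
// Function names, the scheme allow-list and the sample inputs are assumptions.

// Schemes a repository URL may legitimately carry. Anything else, including
// javascript:, data: and vbscript:, is refused rather than "cleaned up".
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'ssh:', 'git:']);

// scp-like SSH syntax (git@github.com:org/repo.git) has no scheme and is not
// parseable by the WHATWG URL parser, so it is matched separately.
const SCP_LIKE = /^[\w.-]+@([\w.-]+):(.+)$/;

// 1. Vulnerable pattern: the stored URL goes into href verbatim, so a value of
//    "javascript:..." executes when an administrator clicks the link.
function unsafeRepoLink(url) {
  return url;
}

// 2. Tempting but insufficient fix: a case-sensitive prefix blocklist. Browsers
//    ignore scheme case and leading whitespace, and other dangerous schemes
//    (data:, vbscript:) are not on the list at all.
function blocklistRepoLink(url) {
  return url.startsWith('javascript:') ? null : url;
}

// Drops a trailing slash and the conventional ".git" suffix from a repo path.
function stripGitSuffix(path) {
  return path.replace(/\/+$/, '').replace(/\.git$/, '');
}

// 3. Hardened pattern: parse, allow-list the scheme, and re-emit a canonical
//    https link to the repository (ssh/git URLs are rewritten for browsing).
//    Returns null when no safe link can be produced; the caller then renders
//    the value as plain text instead of an <a>.
function safeRepoLink(url) {
  const trimmed = String(url).trim();
  const scp = SCP_LIKE.exec(trimmed);
  if (scp) {
    return `https://${scp[1]}/${stripGitSuffix(scp[2])}`;
  }
  let parsed;
  try {
    parsed = new URL(trimmed); // lower-cases the scheme, strips leading C0/space
  } catch {
    return null;               // unparseable: never emit it as an href
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol) || parsed.hostname === '') {
    return null;
  }
  const path = stripGitSuffix(parsed.pathname.replace(/^\/+/, ''));
  return `https://${parsed.hostname}/${path}`;
}

// Constructed inputs: legitimate repository URLs and injection attempts,
// including the case and whitespace variants that defeat the blocklist.
const SAMPLES = [
  'https://github.com/argoproj/argo-cd.git',
  'git@github.com:argoproj/argo-cd.git',
  'ssh://git@github.com/argoproj/argo-cd.git',
  'javascript:alert(document.cookie)',
  'JavaScript:alert(document.cookie)',
  ' \tjavascript:alert(document.cookie)',
  'data:text/html,<script>alert(1)</script>',
];

// Returns, per sample, what each strategy would put into href (null = no link).
function compare(samples = SAMPLES) {
  return samples.map((url) => ({
    url,
    unsafe: unsafeRepoLink(url),
    blocklist: blocklistRepoLink(url),
    safe: safeRepoLink(url),
  }));
}

for (const row of compare()) {
  console.log(row);
}
```

Running the block prints one row per sample: the vulnerable function passes every injection attempt through, the blocklist stops only the exact lower-case `javascript:` prefix, and the allow-list yields a link only for the three real repository URLs, each normalized to `https://github.com/argoproj/argo-cd`. Refusing to link (returning null) rather than attempting to sanitize the string is the design choice that matters: the set of schemes a browser will execute is larger than any blocklist a UI maintains.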
{
  "id": "arg1003052925",
  "linkid": "argoproj",
  "type": "Vulnerability",
  "date": "5/2025",
  "severity": "100",
  "impact": "",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Argo CD',
                        'type': 'Software'}],
 'attack_vector': 'Malicious JavaScript injection through repository links',
 'description': 'A critical Cross-Site Scripting (XSS) vulnerability has been discovered in Argo CD, the popular GitOps continuous delivery tool for Kubernetes environments. Designated as CVE-2025-47933, this security flaw enables attackers to perform unauthorized actions, including creating, modifying, and deleting Kubernetes resources, through malicious JavaScript injection. The vulnerability affects a broad range of Argo CD versions, spanning from 1.2.0-rc1 up to, but not including, the patched versions v3.0.4, v2.14.13, and v2.13.8.',
 'impact': {'systems_affected': 'Kubernetes resources'},
 'initial_access_broker': {'entry_point': 'Repository configuration permissions',
                           'high_value_targets': 'Administrators'},
 'lessons_learned': 'Improper URL protocol validation can lead to severe security compromises. Immediate patching and strict access controls are critical.',
 'motivation': 'Unauthorized actions on Kubernetes resources',
 'post_incident_analysis': {'corrective_actions': 'Implement proper URL validation mechanisms',
                            'root_causes': 'Improper URL protocol validation in the ui/src/app/shared/components/urls.ts file'},
 'recommendations': 'Organizations should immediately upgrade to the patched versions, implement strict access controls for repository configuration permissions, and consider deploying Content Security Policy (CSP) headers.',
 'response': {'remediation_measures': ['Upgrade to patched versions v3.0.4, v2.14.13, or v2.13.8',
                                       'Implement strict access controls for repository configuration permissions',
                                       'Deploy Content Security Policy (CSP) headers']},
 'title': 'Critical XSS Flaw in Argo CD',
 'type': 'Vulnerability',
 'vulnerability_exploited': 'Cross-Site Scripting (XSS)'}