What is Argo CD and why is this vulnerability significant?

Argo CD is a widely used open-source GitOps tool for Kubernetes deployment and management. This vulnerability is significant because it affects both community and enterprise deployments across different organizations and cloud environments, with the potential to compromise authenticated user sessions.

What are the prerequisites for exploiting the Argo CD vulnerability?

The attack vector requires an authenticated user with repository editing permissions to modify repository settings and inject malicious URL schemes. When legitimate users interact with these compromised links, the embedded JavaScript code executes within their authenticated browser session.

Which Argo CD versions contain the patch for CVE-2025-47933?

The vulnerability has been patched in Argo CD versions 2.13.8, 2.14.13, and 3.0.4. Organizations should upgrade to one of these patched releases to protect against the XSS vulnerability.

What is the potential impact of the Argo CD XSS vulnerability?

The vulnerability allows attackers with repository editing permissions to inject malicious JavaScript URLs that execute within the browser context of authenticated users. This can lead to session hijacking, data theft, privilege escalation, or other malicious actions performed in the context of the victim's authenticated session.

How should organizations respond to the Argo CD CVE-2025-47933 vulnerability?

Organizations using affected Argo CD versions should immediately upgrade to the latest patched releases: version 2.13.8, 2.14.13, or 3.0.4. Given the critical CVSS score of 9.9, this update should be prioritized to prevent potential exploitation.

What type of attack does this Argo CD vulnerability enable?

This is a cross-site scripting (XSS) vulnerability that enables attackers to inject and execute malicious JavaScript code in the browsers of authenticated Argo CD users. The attack works by injecting javascript: URL schemes that appear as legitimate links in the user interface.

How long has this Argo CD vulnerability been present?

The vulnerability has been present in the Argo CD codebase for an extended period, affecting all versions from 1.2.0-rc1 onwards. This means many organizations may have been running vulnerable versions for a significant amount of time, highlighting the importance of immediate patching.

Advisory

Critical XSS vulnerability in Argo CD exposes Kubernetes clusters to full resource manipulation

Q: What is CVE-2025-47933 and how severe is this Argo CD vulnerability?

CVE-2025-47933 is a critical cross-site scripting (XSS) vulnerability with a CVSS score of 9.9 affecting Argo CD, a widely used open-source GitOps tool for Kubernetes deployment and management. The flaw affects the repository URL handling mechanism in the Argo CD user interface.

Q: How does the Argo CD XSS vulnerability work technically?

The vulnerability targets the URL protocol validation system within the ui/src/app/shared/components/urls.ts file. When processing repository URLs, the vulnerable code fails to validate or restrict URL protocols, allowing malicious actors to inject javascript: schemes that are subsequently rendered as clickable links in the user interface.

Q: Which versions of Argo CD are affected by CVE-2025-47933?

All Argo CD releases from version 1.2.0-rc1 onwards are affected by this vulnerability. The vulnerability has been present in the codebase for an extended period, affecting a wide range of deployments across different versions.

published: May 29, 2025

Take action: Exploiting this flaw requires that an authenticated user, so you have a bit of time to prepare for an update. But bear in mind that user credentials can be hacked, and there is always a chance of a malicious insider. So don't ignore this flaw, plan a patch.

Learn More

A critical cross-site scripting (XSS) vulnerability has been discovered in Argo CD, a widely used open-source GitOps tool for Kubernetes deployment and management.

The flaw is tracked as CVE-2025-47933 (CVSS score 9.9) and affects the repository URL handling mechanism in the Argo CD user interface, targeting the URL protocol validation system within the ui/src/app/shared/components/urls.ts file. The vulnerability allows attackers with repository editing permissions to inject malicious JavaScript URLs that execute within the browser context of authenticated users.

When processing repository URLs, the vulnerable code fails to validate or restrict URL protocols, allowing malicious actors to inject javascript: schemes that are subsequently rendered as clickable links in the user interface. When legitimate users interact with these compromised links, the embedded JavaScript code executes within their authenticated browser session.

Affected versions include all Argo CD releases from version 1.2.0-rc1 onwards. The vulnerability has been present in the codebase for an extended period, affecting both community and enterprise deployments across different organizations and cloud environments.

Patched versions are Argo CD versions 2.13.8, 2.14.13, and 3.0.4.

The attack vector requires an authenticated user with repository editing permissions to modify repository settings and inject malicious URL schemes.

Organizations using affected Argo CD versions should upgrade to the latest patched releases: version 2.13.8, 2.14.13, or 3.0.4.

Critical XSS vulnerability in Argo CD exposes Kubernetes clusters to full resource manipulation

Read More
TeamPCP Campaign Hijacks Bitwarden npm Package to Steal …
Critical Flaw Reported in AWS CodeBuild
Critical vulnerability in Insomnia API client enables arbitrary …
Microsoft Issues Emergency Patches for Critical ASP.NET Core …
Systemic Design Flaw in MCP Protocol Exposes AI …