Home > Vulnerability Database > CVE-2025-23216

Mend.io Vulnerability Database

CVE-2025-23216

Date: January 30, 2025

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13.

Severity Score

6.8

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-23216

Url: https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca

Url: https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v

Url: https://github.com/argoproj/argo-cd

Url: https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107

Url: https://github.com/argoproj/gitops-engine/security/advisories/GHSA-274v-mgcv-cm8j

Url: https://www.mend.io/vulnerability-database/CVE-2025-23216

Severity Score

6.8

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Generation of Error Message Containing Sensitive Information

CWE-209

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-23216

Date: January 30, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?