Warning: Critical XSS Vulnerability in Argo CD, Patch Immediately!

Published: 02/06/2025
  • Last update: 02/06/2025
  • Affected software: Argo CD
  • Affected versions:
    → >= 1.2.0-rc1, <= 1.8.7
    → >= 2.0.0-rc3, < 2.13.8
    → >= 2.14.0-rc1, < 2.14.13
    → >= 3.0.0-rc1, < 3.0.4
  • Type:
    → CWE-20 Improper Input Validation
    → CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CVE/CVSS:
    → CVE-2025-47933: CVSS 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Sources

https://nvd.nist.gov/vuln/detail/CVE-2025-47933

Risks

A critical cross-site scripting (XSS) vulnerability has been disclosed in Argo CD, an open-source, declarative GitOps continuous delivery tool for Kubernetes. This vulnerability allows attackers to execute arbitrary actions on behalf of authenticated users.

Exploitation of this flaw can compromise the confidentiality, integrity, and availability (CIA) of affected systems, enabling attackers to create, modify, or delete Kubernetes resources.

Description

CVE-2025-47933, CVSS 9.0

The vulnerability in the Argo CD web interface allows attackers to inject malicious JavaScript through repository URLs. This happens because the application does not properly validate the URL scheme when generating links. These URLs are then inserted directly into clickable links in the user interface. As a result, if a user clicks one of these links, any embedded JavaScript code could run in their browser.
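As an added illustration (not Argo CD's own code), the JavaScript below shows why HTML-escaping a repository URL is not enough on its own, and how validating the URL scheme against an allowlist before building the link closes the gap. The function names, the allowlist and the sample repository URLs are constructed for this example; the inert `javascript:void(0)` value stands in for any script-scheme URL.

```javascript
// Schemes a repository link is allowed to carry. Anything else (javascript:,
// data:, vbscript:, ...) is rendered as plain text rather than as a link.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "ssh:", "git:"]);

// Standard HTML attribute/text escaping. This stops tag injection but does
// NOT stop a javascript: href from running when the link is clicked.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Return a href only for allowlisted absolute URLs, otherwise null.
// The WHATWG URL parser lower-cases the scheme and strips leading/trailing
// control characters, so " JavaScript:" does not slip past a prefix check.
function safeHref(repoUrl) {
  let parsed;
  try {
    parsed = new URL(repoUrl);
  } catch {
    return null; // scp-style "git@host:org/repo.git" or malformed: no link
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Vulnerable pattern (CWE-20 -> CWE-79): the URL is escaped but its scheme
// is never validated, so a script-scheme URL becomes a clickable link.
function renderRepoLinkUnsafe(repoUrl) {
  return `<a href="${escapeHtml(repoUrl)}">${escapeHtml(repoUrl)}</a>`;
}

// Hardened pattern: validate the scheme first; unknown schemes become inert text.
function renderRepoLink(repoUrl) {
  const href = safeHref(repoUrl);
  return href === null
    ? `<span>${escapeHtml(repoUrl)}</span>`
    : `<a href="${escapeHtml(href)}">${escapeHtml(repoUrl)}</a>`;
}

// Constructed sample inputs, as a repository field might receive them.
const SAMPLE_REPO_URLS = [
  "https://github.com/argoproj/argo-cd.git",
  "ssh://git@github.com/argoproj/argo-cd.git",
  "git@github.com:argoproj/argo-cd.git",
  "javascript:void(0)",
  " JavaScript:void(0)",
  "data:text/html,x",
];

for (const u of SAMPLE_REPO_URLS) console.log(JSON.stringify(u), "->", renderRepoLink(u));
```

The scp-style SSH form is deliberately left unlinked here; a real UI would convert it to an `ssh://` URL before passing it through the same check.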

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing. Fixes for this vulnerability are available in v3.0.4, v2.14.13 and v2.13.8.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://github.com/argoproj/argo-cd/security/advisories/GHSA-2hj5-g64g-fp6p