An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project.

The flaw, tracked under CVE-2025-55190, is rated with the maximum severity score of 10.0 in CVSS v3, and allows bypassing isolation mechanisms used to protect sensitive credential information.

Attackers holding those credentials could then use them to clone private codebases, inject malicious manifests, attempt downstream compromise, or pivot to other resources where the same credentials are reused.

Argo CD is a Kubernetes-native continuous deployment (CD) and GitOps tool used by numerous organizations, including large enterprises such as Adobe, Google, IBM, Intuit, Red Hat, Capital One, and BlackRock, which use it for handling large-scale, mission-critical deployments.

The newly discovered vulnerability impacts all versions of Argo CD up to 2.13.0.

“Argo CD API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets,” reads the bulletin published on the project’s GitHub.

“API tokens should require explicit permission to access sensitive credential information,” adds the bulletin on another part, also noting that “Standard project permissions should not grant access to repository secrets.”

The disclosure demonstrates that low-level tokens can retrieve a repository’s username and password.

The attack still requires a valid Argo CD API token, so it is not exploitable by unauthenticated users. However, low-privileged users could use them to gain access to sensitive data that should not usually be accessible.

“This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: p, role/user, projects, get, *, allow,” warns the Argo Project.

Due to the wide breadth of low-privileged tokens that can exploit this flaw, the opportunity for threat actors to gain access to a token increases.

Given Argo CD’s widespread deployment in production clusters by major enterprises, the direct credential exposure and low barrier to exploitation make the flaw particularly dangerous, potentially leading to code theft, extortion, and supply chain attacks.

Ashish Goyal discovered the CVE-2025-55190 flaw, and it has been fixed in Argo CD versions 3.1.2, 3.0.14, 2.14.16, and 2.13.9, so administrators of potentially impacted systems are recommended to move to one of these versions as soon as possible.