CVE-2025-32445
Argo Events Privileged Access Escalation
Description
Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customized with spec.template and spec.template.container (with type k8s.io/api/core/v1.Container), thus, any specification under container such as command, args, securityContext , volumeMount can be specified, and applied to the EventSource or Sensor pod. With these, a user would be able to gain privileged access to the cluster host, if he/she specified the EventSource/Sensor CR with some particular properties under template. This vulnerability is fixed in v1.9.6.
INFO
Published Date :
April 15, 2025, 8:15 p.m.
Last Modified :
April 16, 2025, 1:25 p.m.
Source :
[email protected]
Remotely Exploitable :
Yes !
Impact Score :
6.0
Exploitability Score :
3.1
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-32445.
| URL | Resource |
|---|---|
| https://github.com/argoproj/argo-events/commit/18412293a699f559848b00e6e459c9ce2de0d3e2 | |
| https://github.com/argoproj/argo-events/security/advisories/GHSA-hmp7-x699-cvhq |
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-32445 vulnerability anywhere in the article.
-
TheCyberThrone
CVE-2025-2492 impacts ASUS AiCloud Routers
CVE-2025-2492 is a critical authentication bypass vulnerability affecting ASUS routers with AiCloud enabled. This flaw allows remote attackers to execute unauthorized functions on vulnerable devices w ... Read more
-
TheCyberThrone
IronHusky APT deploys MysterySnail APT
IronHusky APT, a China-linked cyber espionage group, has resurfaced with an evolved version of its MysterySnail RAT, targeting government organizations in Russia and Mongolia. Leveraging malicious MMC ... Read more
-
TheCyberThrone
Operation ForumTroll Detailed out
Operation ForumTroll is a sophisticated Advanced Persistent Threat (APT) campaign that exploits a zero-day vulnerability (CVE-2025-2783) in Google Chrome. This operation was uncovered in March 2025 an ... Read more
-
TheCyberThrone
CVE-2025-32445 Privilege Escalation Flaw in Argo Events
CVE-2025-32445 is a critical privilege escalation vulnerability affecting Argo Events, an event-driven workflow automation framework designed for Kubernetes environments. The flaw enables users with p ... Read more
-
Daily CyberSecurity
Critical CVE-2025-32445 Vulnerability in Argo Events Scores CVSS 10
A critical security vulnerability has been discovered in Argo Events, an event-driven workflow automation framework for Kubernetes. The vulnerability, identified as CVE-2025-32445, carries the maximum ... Read more
The following table lists the changes that have been made to the
CVE-2025-32445 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by [email protected]
Apr. 15, 2025
Action Type Old Value New Value Added Description Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customized with spec.template and spec.template.container (with type k8s.io/api/core/v1.Container), thus, any specification under container such as command, args, securityContext , volumeMount can be specified, and applied to the EventSource or Sensor pod. With these, a user would be able to gain privileged access to the cluster host, if he/she specified the EventSource/Sensor CR with some particular properties under template. This vulnerability is fixed in v1.9.6. Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Added CWE CWE-250 Added Reference https://github.com/argoproj/argo-events/commit/18412293a699f559848b00e6e459c9ce2de0d3e2 Added Reference https://github.com/argoproj/argo-events/security/advisories/GHSA-hmp7-x699-cvhq
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-32445 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-32445
weaknesses.