What is CVE-2025-62157?

### Summary An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read `workflow-controller` logs and get credentials to the artifact repository. ### Details An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal, delete or modify the data that resides there. The `workflow-controller` logs show the credentials in plaintext. ### Impact An attacker with access to pod logs in the `argo` namespace can extract plaintext credentials from the `workflow-controller` logs and gain access to the artifact repository. This can lead to: - Data exfiltration – theft of sensitive or proprietary artifacts - Data tampering – modification of workflows or artifacts - Data destruction – deletion of stored artifacts, leading to potential loss of critical data or pipeline failure

What is the severity of CVE-2025-62157?

CVE-2025-62157 has a CVSS v3 score of 6.5, which is classified as Medium severity.

Is there an exploit available for CVE-2025-62157?

No known public exploits are currently available for CVE-2025-62157.

Is there a patch available for CVE-2025-62157?

Yes, patches are available for CVE-2025-62157. Check the vendor advisories for update instructions.

CVE-2025-62157 - CVE Details, Severity, and Analysis

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Severity Scores

CVSS v36.5

CVSS v20.0

Priority Score338.0

EPSS Score0.0

Medium

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

6.5

CVSS

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Summary

An attacker who has permissions to read logs from pods in a namespace with Argo Workflow can read workflow-controller logs and get credentials to the artifact repository.

Details

An attacker, by reading the logs of the workflow controller pod, can access the artifact repository, and steal, delete or modify the data that resides there. The workflow-controller logs show the credentials in plaintext.

Impact

An attacker with access to pod logs in the argo namespace can extract plaintext credentials from the workflow-controller logs and gain access to the artifact repository. This can lead to:

Data exfiltration – theft of sensitive or proprietary artifacts
Data tampering – modification of workflows or artifacts
Data destruction – deletion of stored artifacts, leading to potential loss of critical data or pipeline failure

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Local

User Interaction:Network

Scope:Unchanged

Confidentiality:High

Integrity:Network

Availability:Network

Patch References

Github.com Github.com Security [email protected]

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Argoproj	Argo Workflows

CVE-2025-62157 - CVE Details, Severity, and Analysis | Strobes VI