VDB
CVE-2025-32445
CVE-2025-32445
PUBLISHED
CVSS 10 CRITICAL
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR
EPSS 0.30% · 53.6th percentile
Risk Scores
CVSS v3.1
10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.30%
53.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | argoproj/argo-events | 0 |
| argoproj | argo-events | < 1.9.6 |
Timeline
- Jan 21, 1970 Security Advisory
- Apr 14, 2025 CVE Published
- Apr 15, 2025 PoC Published
- Apr 15, 2025 PoC Published
- Apr 16, 2025 EPSS Score
- Apr 16, 2025 PoC Published
- Apr 16, 2025 PoC Published
- Apr 16, 2025 PoC Published
- Apr 16, 2025 PoC Published
- Apr 16, 2025 PoC Published
- Apr 19, 2025 PoC Published
- Apr 20, 2025 PoC Published
References
- https://github.com/argoproj/argo-events/security/advisories/GHSA-hmp7-x699-cvhq url
- https://github.com/argoproj/argo-events/commit/18412293a699f559848b00e6e459c9ce2de0d3e2 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-32445 advisory
- https://github.com/argoproj/argo-events/pull/3528 url
- https://github.com/argoproj/argo-events package
- https://pkg.go.dev/vuln/GO-2025-3608 url