Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-55191

CVE-2025-55191: Argoproj Argo CD DoS Vulnerability

CVE-2025-55191 is a denial-of-service flaw in Argoproj Argo CD caused by a race condition in repository credentials handlers. Attackers can crash the server, disrupting GitOps operations. Learn about affected versions and patches.

Published:

CVE-2025-55191 Overview

CVE-2025-55191 is a race condition vulnerability [CWE-362] in Argo CD, a declarative GitOps continuous delivery tool for Kubernetes. The flaw resides in the repository credentials handler in util/db/repository_secrets.go. Concurrent operations on the same repository URL cause the Argo CD server to panic and crash. An attacker holding a valid API token with repositories resource permissions (create, update, or delete) can trigger the condition. Repeated exploitation maintains a denial-of-service state and disrupts all GitOps operations. The issue affects versions 2.1.0 through 2.14.19, 3.0.0-rc1 through 3.0.18, 3.1.0-rc1 through 3.1.7, and 3.2.0-rc1. Fixed releases are 2.14.20, 3.0.19, 3.1.8, and 3.2.0-rc2.

Critical Impact

Authenticated attackers can crash the Argo CD server on demand and sustain a denial-of-service state, halting all Kubernetes GitOps deployments and reconciliation.

Affected Products

  • Argo CD versions 2.1.0 through 2.14.19
  • Argo CD versions 3.0.0-rc1 through 3.0.18
  • Argo CD versions 3.1.0-rc1 through 3.1.7 and 3.2.0-rc1

Discovery Timeline

  • 2025-09-30 - CVE-2025-55191 published to NVD
  • 2025-10-07 - Last updated in NVD database

Technical Details for CVE-2025-55191

Vulnerability Analysis

The vulnerability is a race condition in Argo CD's repository credentials handling logic. The affected code in util/db/repository_secrets.go manages Kubernetes secrets that store credentials for Git repositories tracked by Argo CD. When multiple API requests perform create, update, or delete operations targeting the same repository URL concurrently, the handler enters an inconsistent state and triggers a panic in the Argo CD server process.

The panic propagates and crashes the entire server, taking down the API, web UI, and reconciliation loops. Because GitOps workflows rely on continuous reconciliation between desired and actual cluster state, a sustained crash loop prevents application synchronization, drift correction, and new deployments across every Argo CD-managed cluster.

Root Cause

The root cause is missing synchronization in repository secret handlers. Multiple goroutines servicing concurrent API calls read and modify the same secret resources without adequate locking or atomicity guarantees. The unsynchronized access produces nil dereferences or invalid state transitions, resulting in a runtime panic [CWE-362].

Attack Vector

Exploitation requires network access to the Argo CD API and a valid token with repositories permissions for create, update, or delete. An attacker scripts concurrent requests against the same repository URL endpoint to trigger the race. Repeating the request pattern after each restart maintains the denial-of-service condition indefinitely. Refer to the GitHub Security Advisory GHSA-g88p-r42r-ppp9 and the fix commit for technical details.

Detection Methods for CVE-2025-55191

Indicators of Compromise

  • Repeated Argo CD server pod restarts or CrashLoopBackOff status in the argocd namespace.
  • Panic stack traces in argocd-server logs referencing util/db/repository_secrets.go.
  • Bursts of concurrent API calls to /api/v1/repositories endpoints from a single token or source IP.

Detection Strategies

  • Monitor Kubernetes pod restart counts and liveness probe failures for argocd-server and alert on abnormal restart frequency.
  • Audit Argo CD API access logs for parallel POST, PUT, or DELETE requests targeting the same repository URL within short time windows.
  • Review issued API tokens and service accounts for those holding repositories, create/update/delete RBAC permissions.

Monitoring Recommendations

  • Ship Argo CD server and Kubernetes audit logs to a centralized analytics platform and create alerts for panic signatures.
  • Track API request rate per token and flag tokens generating high-volume concurrent repository mutations.
  • Correlate Argo CD availability metrics with API traffic patterns to identify deliberate DoS attempts.

How to Mitigate CVE-2025-55191

Immediate Actions Required

  • Upgrade Argo CD to a patched release: 2.14.20, 3.0.19, 3.1.8, or 3.2.0-rc2.
  • Inventory all API tokens with repositories create, update, or delete permissions and revoke tokens that are not required.
  • Restrict network access to the Argo CD API server to trusted administrative networks only.

Patch Information

The fix is delivered in Argo CD versions 2.14.20, 3.0.19, 3.1.8, and 3.2.0-rc2. The remediation is included in commit 701bc50d01c752cad96185f848088d287a97c7b7, which adds synchronization to the repository secret handlers in util/db/repository_secrets.go. Review the GitHub Security Advisory for full upgrade guidance.

Workarounds

  • Apply least-privilege RBAC: remove repositories write permissions from project roles and service accounts that do not need them.
  • Place a rate-limiting reverse proxy or API gateway in front of argocd-server to throttle concurrent requests to repository endpoints.
  • Configure Kubernetes liveness probes and pod restart policies to recover quickly from crashes while patching is scheduled.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.