CVE-2025-62156 Overview
CVE-2025-62156 is a Zip Slip path traversal vulnerability [CWE-22] in Argo Workflows, the open source container-native workflow engine for Kubernetes. The flaw affects versions prior to 3.6.12 and versions 3.7.0 through 3.7.2. During artifact extraction, the unpack/untar logic in workflow/executor/executor.go calls filepath.Join(dest, filepath.Clean(header.Name)) without verifying that the result remains within the intended extraction directory. filepath.Clean preserves leading ../ segments, so an archive entry named with enough of them resolves above the /work/tmp extraction path. An attacker who can supply an artifact can therefore write files into system directories such as /etc inside the container, which can be used for in-container privilege escalation or persistence.
Critical Impact
Arbitrary file write into container system paths like /etc/passwd, /etc/hosts, and /etc/crontab can lead to in-container privilege escalation and persistence for the lifetime of the workflow pod. Because the write is confined to the extracting container and the volumes it mounts, the wider impact depends on what that container can reach.
Affected Products
- Argoproj Argo Workflows versions prior to 3.6.12
- Argoproj Argo Workflows versions 3.7.0 through 3.7.2
- Container deployments using the affected workflow executor on Kubernetes
Discovery Timeline
- 2025-10-14 - CVE-2025-62156 published to the National Vulnerability Database
- 2026-02-06 - Last updated in NVD database
Technical Details for CVE-2025-62156
Vulnerability Analysis
The Argo Workflows executor extracts artifacts retrieved from object stores and other sources before workflow steps run. The extraction routine in workflow/executor/executor.go builds destination paths using filepath.Join(dest, filepath.Clean(header.Name)). filepath.Clean collapses interior traversal such as a/../b, but it keeps leading ../ segments, and filepath.Join only concatenates and cleans; neither constrains the result to the dest directory. Note that, unlike os.path.join in Python, Go's filepath.Join does not discard dest when the entry name is absolute: Join("/work/tmp", "/etc/passwd") yields /work/tmp/etc/passwd, so an absolute name on its own stays inside the extraction root. When header.Name contains enough ../ segments, however, the joined path resolves above the extraction root, and the executor writes archive content to that location.
Inside the workflow pod, the container performing the extraction typically runs as a user that can write across its root filesystem. A crafted artifact archive can overwrite /etc/passwd to add a privileged account, modify /etc/hosts to redirect traffic, or drop a /etc/crontab entry that executes if the image runs a cron daemon. Any effect is confined to that container and the volumes it mounts. The behavior matches the Zip Slip class of archive extraction flaws.
Root Cause
The root cause is missing validation of archive entry names against the canonicalized extraction directory. The code trusts filepath.Clean to neutralize traversal, but cleaning only normalizes a path; it does not enforce containment. Safe extraction requires cleaning the destination, joining the entry name, and confirming that the result lies inside the destination before writing. A bare string-prefix comparison is not sufficient, since /work/tmp2 has /work/tmp as a prefix; compare against the destination with a trailing separator, or use filepath.Rel and reject any result that begins with a .. segment.
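The following Go program is an added example, not code from Argo Workflows or the advisory. VulnerableTarget reproduces the join pattern described above on constructed entry names, and SafeJoin shows the containment check the fix needs. The dest path /work/tmp and the entry names are assumptions chosen to mirror the description. Running it shows that leading ../ segments survive filepath.Clean and walk above dest, that an absolute name lands under dest, and that the Rel-based check also rejects the /work/tmp2 prefix-confusion case.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when an archive entry would land outside the
// extraction directory.
var ErrTraversal = errors.New("archive entry escapes extraction directory")

// VulnerableTarget mirrors the join pattern described for the affected
// releases. Clean collapses interior "a/../b" segments but keeps leading "..",
// and Join never checks containment, so enough "../" segments walk above dest.
func VulnerableTarget(dest, name string) string {
	return filepath.Join(dest, filepath.Clean(name))
}

// SafeJoin joins name under dest and rejects any result that is not inside dest.
// filepath.Rel is used instead of a bare HasPrefix check so that "/work/tmp2"
// is not mistaken for a child of "/work/tmp".
func SafeJoin(dest, name string) (string, error) {
	base := filepath.Clean(dest)
	target := filepath.Join(base, name)
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q -> %q", ErrTraversal, name, target)
	}
	return target, nil
}

func main() {
	dest := "/work/tmp" // assumed extraction root, as in the advisory text

	// Constructed sample entry names; not taken from a real artifact.
	names := []string{
		"output/results.json",
		"../../etc/crontab",
		"../../../../etc/passwd",
		"logs/../../../etc/hosts",
		"../tmp2/escape",
		"/etc/passwd",
	}
	for _, n := range names {
		safe, err := SafeJoin(dest, n)
		status := "ok   "
		if err != nil {
			status = "BLOCK"
		}
		fmt.Printf("%s entry=%-26q vulnerable=%-26q safe=%q\n",
			status, n, VulnerableTarget(dest, n), safe)
	}
}
```

The absolute entry is the instructive case: VulnerableTarget places it under /work/tmp/etc/passwd rather than /etc/passwd, which is why the traversal-based entries, not absolute names, are the ones that escape in Go.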
Attack Vector
Exploitation requires the ability to supply or substitute an artifact consumed by an Argo Workflow. An attacker with permission to submit workflows, modify artifact sources, or compromise an upstream artifact repository can deliver a malicious archive. Authentication is required (PR:L), and the attack proceeds over the network without user interaction.
The vulnerability is a classic Zip Slip pattern. Archive entries with names like ../../../../etc/crontab are written outside /work/tmp when the executor unpacks the artifact; an absolute name such as /etc/passwd is placed under the extraction root by filepath.Join and does not escape on its own. See the GitHub Security Advisory GHSA-p84v-gxvw-73pf and the vulnerable code location in executor.go for technical detail.
Detection Methods for CVE-2025-62156
Indicators of Compromise
- Unexpected modifications to /etc/passwd, /etc/shadow, /etc/hosts, /etc/crontab, or files under /etc/cron.* within workflow executor containers.
- Files written outside the /work/tmp artifact extraction directory during workflow execution.
- Archive artifacts containing entries with ../ sequences or absolute paths in header.Name fields.
- Workflow pods spawning unexpected child processes shortly after artifact retrieval.
Detection Strategies
- Inspect archive contents before submission and reject entries whose names contain .. segments or leading /.
- Audit Argo Workflows executor logs for artifact extraction targeting paths outside the expected working directory.
- Compare deployed Argo Workflows versions against 3.6.12 and 3.7.3 baselines across all clusters.
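As an added example (not part of the original page or the Argo project), this Go program implements the pre-submission check from the first bullet above: it walks the headers of a gzip-compressed tar artifact and reports every entry whose name is absolute or contains a .. segment, without extracting anything. The archive it scans is constructed in memory for the demonstration; point ScanTarGz at a real artifact file to use it. It also tolerates tar.ErrInsecurePath, which Go's archive/tar returns alongside the header for such names when GODEBUG=tarinsecurepath=0, so the scan does not stop at the first offending entry.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Finding records one archive entry that should be rejected before submission.
type Finding struct {
	Name   string
	Reason string
}

// suspiciousName applies the two syntactic rules from the detection guidance
// to the raw header name (tar names use forward slashes): absolute names and
// any ".." segment are rejected. Checking before any Clean call means that
// "logs/../../../etc/hosts" is caught as well as a leading "../".
func suspiciousName(name string) (string, bool) {
	if strings.HasPrefix(name, "/") {
		return "absolute path", true
	}
	for _, seg := range strings.Split(name, "/") {
		if seg == ".." {
			return "contains .. segment", true
		}
	}
	return "", false
}

// ScanTarGz reads a gzip-compressed tar stream and returns every entry whose
// name fails suspiciousName. tar.ErrInsecurePath (Go 1.20+) is recorded via
// the returned header rather than treated as fatal.
func ScanTarGz(r io.Reader) ([]Finding, error) {
	gz, err := gzip.NewReader(r)
	if err != nil {
		return nil, err
	}
	defer gz.Close()
	tr := tar.NewReader(gz)
	var findings []Finding
	for {
		hdr, err := tr.Next()
		if errors.Is(err, io.EOF) {
			return findings, nil
		}
		if err != nil && !errors.Is(err, tar.ErrInsecurePath) {
			return findings, err
		}
		if reason, bad := suspiciousName(hdr.Name); bad {
			findings = append(findings, Finding{Name: hdr.Name, Reason: reason})
		}
	}
}

// buildSampleArchive constructs an in-memory .tgz with one benign entry and
// three traversal attempts. It is constructed test data, not a real artifact.
func buildSampleArchive() []byte {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	for _, name := range []string{
		"output/results.json",
		"../../etc/crontab",
		"logs/../../../etc/hosts",
		"/etc/passwd",
	} {
		body := []byte("constructed content for " + name + "\n")
		hdr := &tar.Header{Name: name, Mode: 0o644, Size: int64(len(body))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		if _, err := tw.Write(body); err != nil {
			panic(err)
		}
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	if err := gz.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

func main() {
	findings, err := ScanTarGz(bytes.NewReader(buildSampleArchive()))
	if err != nil {
		fmt.Println("scan error:", err)
		return
	}
	if len(findings) == 0 {
		fmt.Println("archive is clean")
		return
	}
	for _, f := range findings {
		fmt.Printf("REJECT %-26q %s\n", f.Name, f.Reason)
	}
}
```

Rejecting any raw .. segment is deliberately stricter than a containment check: a name like a/../b would extract harmlessly, but nothing legitimate needs it in an artifact, and flagging it keeps the policy easy to reason about.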
Monitoring Recommendations
- Use Kubernetes audit logging to record who submits workflows and who changes artifact configuration; audit logs capture API server requests, not file writes inside containers, so pair them with a runtime security sensor (for example Falco or another eBPF-based file-access monitor) that alerts on writes to /etc paths inside executor containers.
- Monitor file integrity of system configuration files in running executor containers, baselined against the container image, so that drift in /etc/passwd, /etc/hosts, or cron files is visible.
- Track artifact source repositories for unauthorized changes that could introduce malicious archives.
How to Mitigate CVE-2025-62156
Immediate Actions Required
- Upgrade Argo Workflows to 3.6.12 or 3.7.3 across all clusters.
- Restrict workflow submission permissions to trusted users and service accounts while patching is in progress.
- Audit artifact repositories referenced by workflows for unexpected or attacker-controlled archives.
- Run workflow executor containers with a read-only root filesystem where possible to limit write impact; keep the artifact extraction directory and any other path the executor must write on a writable volume such as an emptyDir.
Patch Information
The maintainers fixed the issue in Argo Workflows 3.6.12 and 3.7.3. The remediation validates that the joined extraction path stays within the destination directory before writing. Review the upstream fixes in commit 5659ad9b and commit 9f6bc5d2.
Workarounds
- Disable or restrict workflows that consume archives from untrusted sources until the upgrade is complete.
- Apply admission policies (for example Kyverno or OPA/Gatekeeper) that require a read-only root filesystem for executor containers; the Kubernetes Pod Security Standards do not mandate readOnlyRootFilesystem on their own, so a custom policy is needed.
- Use OPA/Gatekeeper or Kyverno policies to block workflows referencing artifact sources outside an allow-list.
- Pre-validate archives in a hardened sandbox and reject any entry whose normalized path escapes the extraction root.
# Verify and upgrade Argo Workflows to a patched release (3.6.12 or 3.7.3).
# The vulnerable code runs in the executor (argoexec) image, so check that
# image as well as the controller's.
kubectl -n argo get deploy workflow-controller \
  -o jsonpath='{.spec.template.spec.containers[0].image}{"\n"}'
kubectl -n argo get cm workflow-controller-configmap \
  -o jsonpath='{.data.executor}{"\n"}'   # executor image, if overridden here
helm repo update
# The Helm chart version is not the application version, so pin the image
# tag instead of passing 3.7.3 to --version.
helm upgrade argo-workflows argo/argo-workflows \
  --namespace argo \
  --set images.tag=v3.7.3
kubectl -n argo rollout status deploy/workflow-controller
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


