CVE-2025-66626 Overview
CVE-2025-66626 is a symlink attack vulnerability in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The vulnerability exists in the unsafe untar code that handles symbolic links in archives, where the computation of a link's target and the subsequent validation check are flawed. This allows an attacker to craft malicious archives containing symbolic links that can bypass path validation, enabling arbitrary file overwrite within the container.
Critical Impact
An attacker can overwrite the critical file /var/run/argo/argoexec with a script of their choice, which would be executed at pod startup, potentially leading to container compromise and unauthorized access to Kubernetes cluster resources.
Affected Products
- Argoproj Argo Workflows versions 3.6.13 and below
- Argoproj Argo Workflows versions 3.7.0 through 3.7.4
Discovery Timeline
- 2025-12-09 - CVE-2025-66626 published to NVD
- 2025-12-19 - Last updated in NVD database
Technical Details for CVE-2025-66626
Vulnerability Analysis
This vulnerability represents a bypass of the previous security patch deployed against CVE-2025-62156. The flawed symlink validation in the archive extraction code fails to properly resolve and validate symbolic link targets before creating them on the filesystem.
The vulnerable code path in workflow/executor/executor.go attempts to validate symlink targets by joining the directory of the target file with the link name and checking that the result stays within the destination directory. The check is ineffective against crafted archives because it does not account for absolute symlink targets before performing the join: Go's filepath.Join does not restart at an absolute element, so an absolute link target is joined beneath the extraction directory, the joined path passes the prefix check, and the symlink is then created with the original absolute target, pointing outside the intended extraction directory.
Root Cause
The root cause lies in the improper validation of symbolic link targets during tar archive extraction. The original code computed the link target by joining the directory of the target file with header.Linkname without first checking whether the link target is an absolute path. This oversight allows attackers to craft archives with symbolic links containing absolute paths that escape the intended destination directory bounds.
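The following Go program is an added illustration of the root cause and is not code from the Argo Workflows project: it reproduces the symlink check from the patch quoted on this page in both its pre-patch and patched form and runs it over a constructed set of tar headers. It assumes that the executor computes the entry's target path as filepath.Join(dest, header.Name); the entry names, the destination path and the link targets are made-up sample data.

```go
package main

import (
	"archive/tar"
	"fmt"
	"path/filepath"
	"strings"
)

// checkSymlink reproduces the symlink validation in the patch quoted on this page:
// fixed=false is the pre-patch logic, fixed=true the 3.6.14 / 3.7.5 logic.
// target is assumed to be filepath.Join(dest, h.Name); a nil error means "accept".
func checkSymlink(dest string, h *tar.Header, fixed bool) error {
	prefix := filepath.Clean(dest) + string(filepath.Separator)
	target := filepath.Join(dest, h.Name)
	if !strings.HasPrefix(target, prefix) {
		return fmt.Errorf("illegal file path: %s", h.Name)
	}
	linkTarget := h.Linkname
	if !fixed || !filepath.IsAbs(h.Linkname) {
		// filepath.Join never restarts at an absolute element, so an absolute Linkname
		// becomes a sub-path of dest here and passes the prefix check, even though
		// os.Symlink would still be called with the raw absolute Linkname.
		linkTarget = filepath.Join(filepath.Dir(target), h.Linkname)
	}
	if !strings.HasPrefix(filepath.Clean(linkTarget), prefix) {
		return fmt.Errorf("illegal symlink target: %s -> %s", h.Name, h.Linkname)
	}
	return nil
}

// sampleEntries is a constructed set of tar headers: a benign relative symlink,
// a relative traversal attempt and an absolute-target symlink.
var sampleEntries = []*tar.Header{
	{Name: "link-ok", Linkname: "data/real.txt", Typeflag: tar.TypeSymlink},
	{Name: "link-dotdot", Linkname: "../../etc/passwd", Typeflag: tar.TypeSymlink},
	{Name: "link-abs", Linkname: "/var/run/argo/argoexec", Typeflag: tar.TypeSymlink},
}

// audit reports, per symlink entry name, whether the chosen check accepts it (true).
func audit(dest string, entries []*tar.Header, fixed bool) map[string]bool {
	verdicts := map[string]bool{}
	for _, h := range entries {
		if h.Typeflag == tar.TypeSymlink {
			verdicts[h.Name] = checkSymlink(dest, h, fixed) == nil
		}
	}
	return verdicts
}

func main() {
	fmt.Println(audit("/tmp/artifact", sampleEntries, false), audit("/tmp/artifact", sampleEntries, true))
}
```

The pre-patch check accepts link-abs while rejecting only the "../" traversal; the patched check rejects both.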
Attack Vector
The attack chain is as follows:
- The attacker crafts a malicious tar archive containing a symbolic link with a carefully constructed target path
- The attacker uploads or otherwise supplies this archive to an Argo Workflow that processes artifacts
- When the archive is extracted, the symlink bypasses the path validation check
- The attacker overwrites /var/run/argo/argoexec with a malicious script
- The malicious script executes when the pod starts, granting the attacker code execution within the container
The relevant change from the fix commit (referenced below):
if !strings.HasPrefix(target, filepath.Clean(dest)+string(os.PathSeparator)) {
return fmt.Errorf("illegal file path: %s", header.Name)
}
switch header.Typeflag {
case tar.TypeSymlink:
- linkTarget := filepath.Join(filepath.Dir(target), header.Linkname)
+ // Validate symlink target before creating it
+ linkTarget := header.Linkname
+ if !filepath.IsAbs(linkTarget) {
+ linkTarget = filepath.Join(filepath.Dir(target), header.Linkname)
+ }
if !strings.HasPrefix(filepath.Clean(linkTarget), filepath.Clean(dest)+string(os.PathSeparator)) {
return fmt.Errorf("illegal symlink target: %s -> %s", header.Name, header.Linkname)
}
+ // Create parent directory if needed
+ if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
+ return err
+ }
err := os.Symlink(header.Linkname, target)
if err != nil {
return err
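Review bot: the symlink validation in this hunk is purely lexical (filepath.Clean plus a string prefix on both the absolute and the joined relative branch), so it checks the link target as written rather than where it resolves on disk; if anything already under dest is itself a symlink, or dest is, the prefix test says nothing about the real destination. Consider resolving filepath.Dir(target) with filepath.EvalSymlinks after the new MkdirAll and confirming the resolved parent is still inside dest, or, simpler for artifact archives, rejecting any absolute header.Linkname outright, since a link that hard-codes the extraction path is rarely legitimate. Minor: the relative branch re-reads header.Linkname instead of reusing the linkTarget it just assigned (`linkTarget = filepath.Join(filepath.Dir(target), linkTarget)` would do).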
Source: GitHub Commit 6b92af23f35aed4d4de8b04adcaf19d68f006de1
Detection Methods for CVE-2025-66626
Indicators of Compromise
- Unexpected modifications to /var/run/argo/argoexec file in workflow pods
- Symbolic links within extracted artifact directories pointing to paths outside the extraction destination
- Unusual script execution patterns during pod initialization
- Unexpected process spawning from argoexec processes
Detection Strategies
- Monitor filesystem changes to critical Argo Workflows executables, particularly /var/run/argo/argoexec
- Implement runtime security monitoring for container workloads to detect file integrity violations
- Audit artifact handling workflows for archives containing suspicious symbolic links
- Deploy container security solutions that can detect path traversal attempts during archive extraction
Monitoring Recommendations
- Enable Kubernetes audit logging to track artifact upload and extraction activities
- Configure alerts for unexpected file modifications in Argo executor containers
- Implement SentinelOne Singularity for Kubernetes to monitor container runtime behavior
- Review workflow definitions for untrusted artifact sources that could deliver malicious archives
How to Mitigate CVE-2025-66626
Immediate Actions Required
- Upgrade Argo Workflows to version 3.6.14 or 3.7.5 immediately
- Audit existing workflows for any artifacts sourced from untrusted locations
- Review pod security policies to restrict write access to critical system paths
- Implement network policies to limit artifact sources to trusted repositories
Patch Information
The fix has been released in Argo Workflows versions 3.6.14 and 3.7.5. The patch adds proper validation for absolute symbolic link targets before the path join operation. The security fix ensures that both relative and absolute symlink targets are validated against the destination directory bounds before the symlink is created on the filesystem.
For detailed patch information, refer to the GitHub Security Advisory GHSA-xrqc-7xgx-c9vh and the security patch commit.
Workarounds
- Restrict artifact sources to only trusted, verified repositories until patches can be applied
- Implement admission controllers to reject workflows that process artifacts from external sources
- Use read-only root filesystems for Argo executor containers where possible
- Deploy runtime security solutions to block unauthorized file modifications in container workloads
# Upgrade Argo Workflows using Helm (chart from the argo-helm repository)
helm repo add argo https://argoproj.github.io/argo-helm
helm repo update
# --version selects the Helm chart version, which differs from the Argo Workflows application version;
# pick the chart release that ships 3.7.5 (or 3.6.14), see: helm search repo argo/argo-workflows --versions
helm upgrade argo-workflows argo/argo-workflows --version 3.7.5 -n argo
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.