Critical CVE-2025-32445 Vulnerability in Argo Events Scores CVSS 10

A critical security vulnerability has been discovered in Argo Events, an event-driven workflow automation framework for Kubernetes. The vulnerability, identified as CVE-2025-32445, carries the maximum CVSS score of 10.

The core issue lies in how Argo Events handles EventSource and Sensor custom resources (CRs). The advisory warns that “a user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges”.

Specifically, the EventSource and Sensor CRs can be customized with spec.template and spec.template.container. This customization allows users to specify various container properties, such as command, args, securityContext, and volumeMount. Due to the code logic, these specifications are applied to the EventSource or Sensor pod.

The advisory provides a sample EventSource configuration that demonstrates how this vulnerability can be exploited. By carefully crafting the template.container section, an attacker can gain privileged access to the cluster host. The example includes settings like privileged: true, adding the SYS_ADMIN capability, and mounting the host’s root filesystem.

The consequences of this vulnerability are severe, especially in multi-tenant Kubernetes clusters. Successful exploitation can lead to:

• Tenant isolation being broken
• Non-admin users gaining host/cluster access
• Access to other tenants’ data
• Bypassing security models, including RBAC restrictions and Pod Security Policies/Standards
• Compromise of the host system

The Argo team has released a patch to address this vulnerability. The patched version, v1.9.6, limits the allowed properties under spec.template.container. Users of Argo Events are strongly advised to upgrade to this version as soon as possible to mitigate the risk.

Related Posts:

• Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Takeover
• Critical-Severity Flaw in Argo CD
• Critical security bypass vulnerability in Argo CD
• CVE-2024-31989: Critical Argo CD Flaw Exposes Kubernetes Clusters to Takeover
• Argo CD Users Beware: CVE-2024-28175 (CVSS 9.0) – Critical XSS Vulnerability Exposed