Inclusion of Sensitive Information in Log Files in Argo CD - CVE-2025-23216
Published: January 30, 2025 / Updated: May 2, 2026
Vulnerability identifier: #VU129007
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-23216
CWE-ID: CWE-532
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Argo
Affected software:
Argo CD
Argo CD
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to improper handling of secret values in patch errors and diff view in Argo CD when syncing an invalid Kubernetes Secret resource from a repository. A remote privileged user can commit an invalid Secret to a repository and trigger a sync to disclose sensitive information.
Once exploited, secret data may be visible to users with read access to Argo CD.
How to mitigate CVE-2025-23216
Install security update from vendor's website.