GHSA-XRQC-7XGX-C9VH

Vulnerability from github – Published: 2025-12-09 17:17 – Updated: 2025-12-09 21:37
Summary
RCE via ZipSlip and symbolic links in argoproj/argo-workflows
Details

Summary

The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links.

Details

The untar code that handles symbolic links in archives is unsafe. Concretely, the computation of the link's target and the subsequent check are flawed: https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037

PoC

  1. Create a malicious archive containing two files: a symbolic link with path "./work/foo" and target "/etc", and a normal text file with path "./work/foo/hostname".
  2. Deploy a workflow like the one in https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf with the malicious archive mounted at /work/tmp.
  3. Submit the workflow and wait for its execution.
  4. Connect to the corresponding pod and observe that the file "/etc/hostname" was altered by the untar operation performed on the malicious archive. The attacker can hence alter arbitrary files.

Impact

The attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which will be executed at the pod's start.


{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-workflows/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.7.0"
            },
            {
              "fixed": "3.7.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-workflows/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/argoproj/argo-workflows"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.5.3-rc4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-66626"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-23",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-09T17:17:22Z",
    "nvd_published_at": "2025-12-09T21:16:00Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nThe patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links.\n\n### Details\nThe untar code that handles symbolic links in archives is unsafe. Concretely, the computation of the link\u0027s target and the subsequent check are flawed: \nhttps://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037\n\n### PoC\n1. Create a malicious archive containing two files: a symbolik link with path \"./work/foo\" and target \"/etc\", and a normal text file with path \"./work/foo/hostname\".\n2. Deploy a workflow like the one in https://github.com/argoproj/argo-workflows/security/advisories/GHSA-p84v-gxvw-73pf with the malicious archive mounted at /work/tmp.\n3. Submit the workflow and wait for its execution. \n4. Connect to the corresponding pod and observe that the file \"/etc/hostname\" was altered by the untar operation performed on the malicious archive. The attacker can hence alter arbitrary files in this way. \n\n### Impact\nThe attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which will be executed at the pod\u0027s start.",
  "id": "GHSA-xrqc-7xgx-c9vh",
  "modified": "2025-12-09T21:37:39Z",
  "published": "2025-12-09T17:17:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66626"
    },
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-p84v-gxvw-73pf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/argoproj/argo-workflows"
    },
    {
      "type": "WEB",
      "url": "https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": " RCE via ZipSlip and symbolic links in argoproj/argo-workflows"
}
