Critical CVE-2025-32445 Vulnerability in Argo Events Scores CVSS 10
A critical security vulnerability, CVE-2025-32445, has been discovered in Argo Events, a Kubernetes workflow automation tool, with a maximum CVSS score of 10. The flaw allows users to gain privileged access to host systems and clusters by exploiting the processing of EventSource and Sensor custom resources. This vulnerability enables attackers to execute commands with elevated privileges, compromise tenant isolation, and bypass security controls like RBAC and Pod Security Policies. The issue stems from the customization of spec.template and spec.template.container fields. In response, the Argo team has released a patch in version v1.9.6, which restricts the properties that can be set under spec.template.container. Users are strongly advised to update to the patched version immediately to mitigate the associated risks.
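An added example, not code from the Argo project or from this page: a Python audit that lists EventSource and Sensor objects whose spec.template.container sets fields outside a review allowlist, so operators can see which resources need attention around the upgrade. The allowlist, the privileged-flag check, the function names and the sample objects are assumptions constructed here; the allowlist is not the field set enforced by v1.9.6.

```python
import json

AFFECTED_KINDS = {"EventSource", "Sensor"}  # kinds named in the advisory text
# Assumption: locally chosen allowlist, NOT the field list enforced by v1.9.6.
REVIEW_ALLOWLIST = frozenset({"env", "envFrom", "resources"})

def load_items(text):
    """Accept a kubectl-style List document or a single object."""
    doc = json.loads(text)
    return doc.get("items", [doc]) if isinstance(doc, dict) else list(doc)

def audit(items, allowlist=REVIEW_ALLOWLIST):
    """Flag EventSource/Sensor objects whose spec.template.container sets
    fields outside the allowlist, or requests a privileged container."""
    findings = []
    for obj in items:
        if not isinstance(obj, dict) or obj.get("kind") not in AFFECTED_KINDS:
            continue
        template = (obj.get("spec") or {}).get("template") or {}
        container = template.get("container") or {}
        extra = sorted(set(container) - allowlist)
        sec = container.get("securityContext") or {}
        privileged = sec.get("privileged") is True
        if extra or privileged:
            meta = obj.get("metadata") or {}
            findings.append({
                "kind": obj["kind"],
                "namespace": meta.get("namespace", ""),
                "name": meta.get("name", ""),
                "fields": extra,           # fields needing manual review
                "privileged": privileged,  # standard Kubernetes hardening check
            })
    return findings

# Constructed sample input (not taken from a real cluster).
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "EventSource", "metadata": {"name": "webhook", "namespace": "team-a"},
     "spec": {"template": {"container": {
         "env": [{"name": "LOG", "value": "debug"}],
         "command": ["/bin/sh"],
         "securityContext": {"privileged": True}}}}},
    {"kind": "Sensor", "metadata": {"name": "notify", "namespace": "team-b"},
     "spec": {"template": {"container": {"resources": {"limits": {"cpu": "100m"}}}}}},
    {"kind": "Sensor", "metadata": {"name": "plain", "namespace": "team-b"}, "spec": {}},
    {"kind": "Deployment", "metadata": {"name": "other"}, "spec": {}},
]})

if __name__ == "__main__":
    for finding in audit(load_items(SAMPLE)):
        print(finding)
```

To review a live cluster, pass the output of `kubectl get eventsources,sensors -A -o json` to `load_items` instead of the sample.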