CVE

CVE-2025-59531

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd

Back to all

CVE

CVE-2025-59531

Unauthenticated argocd-server panic via a malicious Bitbucket-Server webhook payload in github.com/argoproj/argo-cd

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Related Resources

No items found.

References

https://github.com/argoproj/argo-cd/security/advisories/GHSA-f9gq-prrc-hrhc, https://nvd.nist.gov/vuln/detail/CVE-2025-59531, https://github.com/argoproj/argo-cd/commit/5c466a4e39802e059e75c0008ae7b7b8e842538f

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

0.00085%

EPSS Percentile

0.24991%

Introduced Version

1.2.0,2.0.0-rc1,3.2.0-rc1,v3.2.0-rc1,v3.1.0-rc1,v3.0.0-20250326122706-2fbace3fe7b2,v3.0.0-rc1,v3.0.0-20250110211400-4d9835927d8d,v2.0.0-rc1,v2.0.0-20210401184418-ae49b4524920,v1.2.0-rc1,v0.0.0-20190624234044-60fedf098500

Fix Available

2.14.20,3.2.0-rc2,v3.2.0-rc2,v3.1.8,v3.0.0-20250930134521-5c466a4e3980,v3.0.19,v3.0.0-20250930134521-307073647669,v2.14.20,v2.0.0-20250930134521-7b219ee97fd1

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2025-59531

CVE-2025-59531

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.5

Basic Information

Fix Critical Vulnerabilities Instantly