CVE-2025-66626 is a relative path traversal vulnerability (CWE-23) combined with command injection potential (CWE-78) in Argo Workflows, a container-native workflow engine widely used to orchestrate parallel jobs on Kubernetes clusters. The vulnerability arises from unsafe untar code that incorrectly computes and validates symbolic link targets within archive files. Specifically, when Argo Workflows extracts archives containing symbolic links, the flawed logic allows an attacker to craft archives that cause files to be written outside the intended extraction directory. This enables overwriting of the /var/run/argo/argoexec file with attacker-controlled scripts. Since this file is executed at pod startup, the attacker gains the ability to execute arbitrary code within the pod context. The vulnerability affects versions up to 3.6.13 and from 3.7.0 through 3.7.4. Notably, a previous patch addressing a related vulnerability (CVE-2025-62156) does not mitigate this issue, indicating a distinct flaw in symbolic link handling. The vulnerability has a CVSS v3.1 score of 8.1, reflecting high severity due to network attack vector, low attack complexity, required privileges, no user interaction, and high impact on integrity and availability. No known exploits are currently reported in the wild, but the potential for pod compromise and workflow disruption is significant. The flaw primarily threatens Kubernetes environments running Argo Workflows where untrusted or malicious archives can be introduced, either via CI/CD pipelines or workflow inputs.

For European organizations, this vulnerability poses a significant risk to the integrity and availability of Kubernetes-based workflow automation. Successful exploitation can lead to arbitrary code execution within pods, enabling attackers to manipulate workflows, exfiltrate sensitive data, or disrupt critical business processes. Given the increasing adoption of Kubernetes and Argo Workflows in cloud-native infrastructures across Europe, including in sectors like finance, manufacturing, and public services, the impact could be widespread. Compromised pods may serve as footholds for lateral movement within clusters, potentially affecting multi-tenant environments and shared infrastructure. The overwrite of /var/run/argo/argoexec could also allow persistent malicious payloads that execute on pod restarts, complicating incident response. Additionally, disruption of automated workflows can delay deployments and data processing, impacting operational continuity. The vulnerability’s exploitation does not require user interaction but does require some level of privilege or access to submit crafted archives, which may be feasible in environments with insufficient access controls or exposed APIs.

1. Upgrade all Argo Workflows deployments to versions 3.6.14 or 3.7.5 or later, where this vulnerability is patched. 2. Restrict the sources of archive files used in workflows to trusted repositories and validate archive contents before processing. 3. Implement strict admission controls and RBAC policies in Kubernetes to limit who can submit workflows or artifacts that trigger untar operations. 4. Employ runtime security tools that monitor and restrict file system changes within pods, especially in sensitive directories like /var/run/argo. 5. Use container security best practices such as running pods with least privilege, disabling unnecessary capabilities, and using read-only root filesystems where possible. 6. Audit existing workflows and CI/CD pipelines for usage of untrusted archives and remediate accordingly. 7. Monitor logs and alerts for unusual pod restarts or modifications to critical files indicative of exploitation attempts. 8. Consider network segmentation to isolate Kubernetes control planes and workflow engines from untrusted networks. These steps go beyond generic patching by focusing on reducing attack surface and improving detection and containment.