Introduction
Attackers can overwrite critical files like /etc/passwd or /etc/crontab inside Kubernetes workflow containers by exploiting a flaw in Argo Workflows' artifact extraction. This vulnerability impacts organizations orchestrating data pipelines, CI/CD, or ML workflows on Kubernetes clusters using affected Argo Workflows versions.
Argo Workflows is a leading open source workflow engine for Kubernetes, maintained by the Argo project under the CNCF. It is widely used by hundreds of organizations for orchestrating parallel jobs, data pipelines, and CI/CD workflows across cloud and on-premises environments. Its popularity and integration with major cloud providers make vulnerabilities in Argo Workflows highly impactful across the tech industry.
Technical Information
CVE-2025-62156 is a Zip Slip path traversal vulnerability in the artifact extraction logic of Argo Workflows. The vulnerability resides in the workflow executor component, specifically in the unpack/untar logic in workflow/executor/executor.go. When extracting artifacts (ZIP or TAR files), the code constructs the destination path for each archive entry using:
filepath.Join(dest, filepath.Clean(header.Name))
Here, dest is the intended extraction directory (typically /work/tmp), and header.Name is the file path from the archive entry. The use of filepath.Clean normalizes the path but does not ensure that the resulting path remains within the intended extraction directory. If an archive entry contains a path like ../../../../etc/passwd or an absolute path like /etc/crontab, after cleaning, the resulting path can escape the extraction directory.
This allows an attacker to craft a malicious archive with entries that, when extracted, overwrite files outside /work/tmp, including sensitive system files within the container. Overwriting /etc/passwd can enable privilege escalation by adding or modifying user accounts. Modifying /etc/crontab or /etc/hosts can establish persistence or disrupt container operations. The vulnerability affects both ZIP and TAR artifact extraction.
The root cause is the lack of validation after cleaning the archive entry path. There is no check to ensure the final extraction path is still a child of the intended extraction directory, enabling directory traversal attacks.
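The missing containment check, as an added example that is not Argo Workflows' code or its actual patch: vulnerableJoin reproduces the expression quoted above, and safeJoin (a hypothetical helper name) rejects any entry whose resolved path is not under dest. Linux-style paths are assumed and the entry names are constructed.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// vulnerableJoin reproduces the expression quoted above: the entry name is
// cleaned and joined, but nothing checks where the result points.
func vulnerableJoin(dest, name string) string {
	return filepath.Join(dest, filepath.Clean(name))
}

// safeJoin (hypothetical helper) resolves the entry and rejects it unless the
// result is still located under dest.
func safeJoin(dest, name string) (string, error) {
	if filepath.IsAbs(name) {
		return "", fmt.Errorf("absolute entry name %q rejected", name)
	}
	target := filepath.Join(dest, name)
	// Rel yields a path starting with ".." when target is outside dest. A plain
	// strings.HasPrefix(target, dest) would wrongly accept /work/tmp-other.
	rel, err := filepath.Rel(dest, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %q", name, dest)
	}
	return target, nil
}

func main() {
	dest := "/work/tmp"
	// Constructed entry names, not taken from a real archive.
	names := []string{"data/out.csv", "a/../b.txt", "../../../../etc/passwd", "../tmp-other/x", "/etc/crontab"}
	for _, n := range names {
		p, err := safeJoin(dest, n)
		fmt.Printf("%-26q unchecked=%-24s checked=%q err=%v\n", n, vulnerableJoin(dest, n), p, err)
	}
}
```

The check covers entry names only; archive entries that are symbolic links need separate handling before anything is written through them.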
Affected Systems and Versions
- Product: Argo Workflows (open source workflow engine for Kubernetes)
- Affected versions:
  - All versions prior to 3.6.12
  - Versions 3.7.0 through 3.7.2
- Fixed in:
  - 3.6.12
  - 3.7.3
Any deployment running an affected version and allowing artifact extraction from untrusted sources is vulnerable.
Vendor Security History
Argo Workflows has previously addressed vulnerabilities in artifact handling, authentication, and privilege escalation. The project maintains a public security advisory process and collaborates with the CNCF and HackerOne for responsible disclosure. Past advisories include issues with workflow archive access, daemon workflow resource exhaustion, and privilege escalation via artifact handling. The vendor typically provides timely patches and clear upgrade guidance.