Week 45 – Zip Slip Hits Argo Workflows

03 – 09 Nov 2025
Our CVE of the Week, CVE-2025-62156, is about Argo Workflows, which is an open source container-native workflow engine for orchestrating complex, parallel jobs on Kubernetes.
A critical flaw has been found: versions prior to 3.6.12, and versions 3.7.0 through 3.7.2, contain a Zip Slip path traversal vulnerability in artifact extraction.
What is artifact extraction and why is it important?
Artifact extraction is the process of pulling specific information or data (“artifacts”) out of a larger source. The term appears in contexts as varied as video games, software, digital forensics, and security analysis, and the specific artifacts and methods vary widely; for example, a game might extract items for a “reforge” process, while a security tool might extract malicious data from a file.
In Argo Workflows, during artifact extraction the unpack/untar logic (workflow/executor/executor.go) uses filepath.Join(dest, filepath.Clean(header.Name)) without validating that header.Name stays within the intended extraction directory. A malicious archive entry can supply a traversal or absolute path that, after cleaning, escapes the destination directory and causes files to be written outside the /work/tmp extraction path, into system directories such as /etc inside the container.
The vulnerability enables arbitrary file creation or overwrite in system configuration locations (for example /etc/passwd, /etc/hosts, /etc/crontab), which can lead to privilege escalation or persistence within the affected container. This container isolation bypass lets an attacker compromise the container by manipulating critical system files.
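The following is an added example, not code from the Argo Workflows project, showing why the join-and-clean pattern described above is unsafe and what the missing containment check looks like. It keeps the vulnerable form side by side with a hardened version that rejects entries resolving outside dest; the header names are constructed stand-ins for tar entries, and /work/tmp is taken from the description above.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideDest is returned when an archive entry name resolves outside dest.
var ErrOutsideDest = errors.New("archive entry resolves outside extraction directory")

// vulnerableTarget mirrors the pattern described for CVE-2025-62156:
// filepath.Join cleans the joined path, but cleaning does not stop ".."
// segments from climbing above dest.
func vulnerableTarget(dest, name string) string {
	return filepath.Join(dest, filepath.Clean(name))
}

// safeTarget computes the same target but rejects anything that does not
// stay inside dest: absolute names are refused outright rather than being
// silently relocated, and names whose path relative to dest starts with ".."
// are refused because they escaped the extraction directory.
func safeTarget(dest, name string) (string, error) {
	if filepath.IsAbs(name) {
		return "", ErrOutsideDest
	}
	target := filepath.Join(dest, name) // Join already applies Clean
	rel, err := filepath.Rel(dest, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideDest
	}
	return target, nil
}

func main() {
	dest := "/work/tmp"
	// Constructed header names standing in for tar entries (not from a real archive).
	names := []string{"output/result.txt", "../../etc/passwd", "/etc/hosts", "sub/../../../etc/crontab"}
	for _, name := range names {
		safe, err := safeTarget(dest, name)
		fmt.Printf("%-26s vulnerable=%-26s safe=%q err=%v\n", name, vulnerableTarget(dest, name), safe, err)
	}
}
```

Running it shows the traversal entries landing in /etc under the vulnerable join, while safeTarget returns ErrOutsideDest for each of them and accepts only the entry that stays under /work/tmp.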
How can we prevent this from happening?
The solution is to make sure you update to 3.6.12 or 3.7.3, which remediate the issue.
More on the following websites:
https://www.wiz.io/vulnerability-database/cve/cve-2025-62156
https://nvd.nist.gov/vuln/detail/CVE-2025-62156

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.