A critical cross-site scripting (XSS) vulnerability, officially tracked as CVE-2025-47933 and GHSA-2hj5-g64g-fp6p, has been identified in Argo CD, a widely used open-source GitOps tool for Kubernetes.
This flaw affects the repository URL handling mechanism in the Argo CD user interface, specifically due to improper validation of URL protocols in the ui/src/app/shared/components/urls.ts file.
https://gbhackers.com/critical-argo-cd-flaw/