A critical cross-site scripting (XSS) vulnerability, tracked as CVE-2025-47933 and GHSA-2hj5-g64g-fp6p, has been discovered in Argo CD, a popular open-source GitOps tool for Kubernetes.

It steals browsers' databases and attempts all Chromium-based browsers that share the same structure of databases and also will explore Mozilla-based web engines and “Thunderbird” mail client which is based on Mozilla.