CVE-2025-55190

[stroup12]

Hello,

argocd-image-updater version v0.16.0 is showing to following critical vulnerability in trivy image scanner . Is this expected to be addressed in an upcoming release? If so is there a timeline/expected version for fix? Thank you.

CVE-2025-55190
Gobinary
package: github.com/argoproj/argo-cd/v2
version: v2.13.5
fix version: 2.13.9, 2.14.6

[chengfang]

This CVE has been fixed in image updater master branch, and will be available in the next release 0.17.0 pretty soon.

[chengfang]

0.17.0 was released on 2025-09-28