CVE

CVE-2025-44005

Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates

Back to all

CVE

CVE-2025-44005

Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Related Resources

No items found.

References

https://github.com/smallstep/certificates/security/advisories/GHSA-h8cp-697h-8c8p, https://github.com/smallstep/certificates/commit/1011f5f5408b470a636f583bf74c0d7bbaf75d72

Severity

10

CVSS Score

Basic Information

Ecosystem

Base CVSS

EPSS Probability

0.00024%

EPSS Percentile

0.06236%

Introduced Version

0,v0.18.3-rc1,v0.0.0-20220311042101-616490a9c6b8,v0.0.0-20220310043741-afb5d362061c,v0.15.16-rc7,v0.0.0-20210703020517-9fdef647099d,v0.0.0-20210526225804-48c86716a0a5,v0.13.0,v0.0.0-20190913224833-e3826dd1c33f,v0.10.0,v0.0.0-20190410205035-ab4d569f3638,v0.0.1-rc.1,v0.0.0-20181005214836-c284a2c0ab1c

Fix Available

0.29.0,v0.29.0,v0.0.0-20251203005444-1011f5f5408b

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2025-44005

CVE-2025-44005

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

10

Basic Information

Fix Critical Vulnerabilities Instantly