Authorization Bypass in Smallstep Step CA ACME and SCEP Provisioner
CVE-2025-44005
10.0 CRITICAL
What is CVE-2025-44005?
An authorization bypass exists in the ACME and SCEP provisioners of Smallstep step-ca. A client talking to either provisioner can have the CA issue a certificate without first completing the authorization that the protocol requires, so the step that is meant to tie an issued certificate to a legitimately authorized requester can be skipped. Because the CA is a trust anchor for everything configured to trust it, a certificate obtained this way is indistinguishable from a properly issued one: an attacker can use it to impersonate services or clients and to abuse any trust relationship the CA underpins. The CVSS vector below (network-reachable, low complexity, no privileges, no user interaction, changed scope) reflects that the vulnerable component is the CA itself while the impact lands on every relying party that trusts it.
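As a post-patch triage step, the following Go program (added here as an example; it is not part of the advisory or of step-ca's own tooling) reads the Smallstep provisioner extension from issued leaf certificates and lists those issued through an ACME or SCEP provisioner during an exposure window, the set an operator would reconcile against the CA's ACME and SCEP request logs and revoke where issuance cannot be justified. The extension OID, the provisioner type codes and the ASN.1 layout are assumptions taken from the public smallstep/certificates source and should be checked against the release in use; the certificates it runs on are constructed inside the program.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// ASSUMPTION: the provisioner extension OID (1.3.6.1.4.1.37476.9000.64.1), the
// type codes (6 = ACME, 10 = SCEP, 1 = JWK) and the ASN.1 layout below come from
// the public smallstep/certificates source; confirm them against your release.
var stepProvisionerOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 37476, 9000, 64, 1}
var affectedTypes = map[int]string{6: "ACME", 10: "SCEP"}

type provisionerExt struct {
	Type          int
	Name          []byte
	CredentialID  []byte
	KeyValuePairs []string `asn1:"optional,omitempty"`
}

// parseProvisionerExt decodes the extension; found is false if the leaf has none.
func parseProvisionerExt(cert *x509.Certificate) (ext provisionerExt, found bool, err error) {
	for _, e := range cert.Extensions {
		if e.Id.Equal(stepProvisionerOID) {
			_, err = asn1.Unmarshal(e.Value, &ext)
			return ext, true, err
		}
	}
	return ext, false, nil
}

// triage lists ACME/SCEP-issued leaves with NotBefore in [start, end], plus any leaf whose extension fails to decode.
func triage(certs []*x509.Certificate, start, end time.Time) []string {
	var suspects []string
	for _, c := range certs {
		ext, found, err := parseProvisionerExt(c)
		switch {
		case err != nil:
			suspects = append(suspects, c.Subject.CommonName+" (malformed provisioner extension)")
		case !found, affectedTypes[ext.Type] == "":
		case c.NotBefore.Before(start), c.NotBefore.After(end):
		default:
			suspects = append(suspects, fmt.Sprintf("%s (%s provisioner %q)", c.Subject.CommonName, affectedTypes[ext.Type], ext.Name))
		}
	}
	return suspects
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// makeTestCert: CONSTRUCTED self-signed sample leaf; real leaves are signed by the step-ca intermediate.
func makeTestCert(serial int64, cn string, extVal []byte, notBefore time.Time) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(serial),
		Subject:         pkix.Name{CommonName: cn},
		NotBefore:       notBefore,
		NotAfter:        notBefore.Add(24 * time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: stepProvisionerOID, Value: extVal}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

func encodeExt(typ int, name string) []byte {
	b, err := asn1.Marshal(provisionerExt{Type: typ, Name: []byte(name), CredentialID: []byte("cred")})
	check(err)
	return b
}

// demoTriage: constructed fleet; ACME/SCEP leaves in the window and a corrupt one are flagged, the rest are not.
func demoTriage() []string {
	start, end := time.Date(2025, 4, 1, 0, 0, 0, 0, time.UTC), time.Date(2025, 6, 1, 0, 0, 0, 0, time.UTC)
	specs := []struct{ cn string; ext []byte; at time.Time }{
		{"acme-in-window.example", encodeExt(6, "acme"), start.Add(48 * time.Hour)},
		{"scep-in-window.example", encodeExt(10, "scep"), start.Add(72 * time.Hour)},
		{"jwk-in-window.example", encodeExt(1, "admin"), start.Add(96 * time.Hour)},
		{"acme-before-window.example", encodeExt(6, "acme"), start.Add(-48 * time.Hour)},
		{"corrupt-ext.example", []byte{0x30, 0x01}, start.Add(120 * time.Hour)}, // truncated SEQUENCE
	}
	var certs []*x509.Certificate
	for i, s := range specs {
		certs = append(certs, makeTestCert(int64(i+1), s.cn, s.ext, s.at))
	}
	return triage(certs, start, end)
}

func main() { fmt.Println("review/revoke candidates:", demoTriage()) }
```

In practice, feed triage the leaf certificates exported from the CA's database and set the window to the period during which an affected version was deployed. Leaves issued through other provisioner types are deliberately left out, since the advisory names only ACME and SCEP; a certificate whose provisioner extension does not decode is reported anyway, because a CA-signed leaf with a malformed extension is worth a look in its own right.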
Affected Version(s)
Step-CA 0.28.4
Step-CA 0.28.3
Step-CA 0
References
CVSS V3.1: 10.0 CRITICAL (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Score: 10.0
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Stephen Kubik of the Cisco Advanced Security Initiatives Group (ASIG)
