Improper Authorization Check in Step CA for SSH Certificate Revocation
CVE-2025-66406

5MEDIUM

Key Information:

Vendor: Smallstep
Status: Certificates
Vendor: CVE Published:; 3 December 2025

What is CVE-2025-66406?

Step CA, an online certificate authority used in DevOps for secure and automated certificate management, contains a vulnerability related to improper authorization checks for SSH certificate revocation. This flaw is evident in configurations that utilize the SSHPOP provisioner and could lead to unauthorized users obtaining certificates without proper validation. The issue has been addressed in version 0.29.0, which is crucial for maintaining secure operations within affected deployments.

Affected Version(s)

certificates < 0.29.0

References

https://github.com/smallstep/certificates/security/adviso...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2025
Vulnerability Reserved
Nov 28, 2025

JSON

Smallstep

What is CVE-2025-66406?

Affected Version(s)

References

CVSS V3.1

Timeline