FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

step-certificates -- Authorization Bypass in ACME and SCEP Provisioners

Affected packages
step-certificates < 0.29.0

Details

VuXML ID eca46635-db51-11f0-9b8d-40a6b7c3b3b8
Discovery 2025-12-03
Entry 2025-12-17

smallstep reports:

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.

[source]

References

CVE Name CVE-2025-44005
URL https://github.com/advisories/ghsa-h8cp-697h-8c8p

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.