CRITICAL🇵🇱 Wersja polska

CVE-2025-44005

CVSS 10.0v3.1pub. 2025-12-17upd. 2026-04-15

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.

🤖 AI Analysis
How it works

The vulnerability, classified as CWE-287 (Improper Authentication), allows a remote attacker to bypass authorization control mechanisms in ACME or SCEP provisioners in Step CA. An attacker can thus trick the server into issuing certificates without completing the required identity verification steps provided by the respective protocol. The attack is possible remotely, without authentication, and its scope of impact extends beyond the directly vulnerable component (S:C in the CVSS vector).

Impact

An attacker can obtain fraudulent digital certificates for arbitrary domains or identities without legitimate authorization, leading to serious compromise of PKI infrastructure integrity and potential impersonation of trusted services.

Mitigation & patch

Apply patches available from the vendor according to references — detailed information about the patched version can be found in the security advisory at https://github.com/smallstep/certificates/security/advisories/GHSA-h8cp-697h-8c8p

Who is affected

Versions indicated in vendor references (smallstep/certificates — ACME and SCEP provisioner components in Step CA)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References