Critical severity (10.0) · GHSA Advisory · Published Dec 17, 2025 · Updated Apr 15, 2026
CVE-2025-44005
Description
An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/smallstep/certificates (Go) | < 0.29.0 | 0.29.0 |
Affected products (11 entries)
- Range: <= 0.28.4
- OSV coordinates (no CPE), 10 versions:
  - pkg:apk/chainguard/caddy, range: < 2.10.2-r6
  - pkg:apk/chainguard/caddy-fips, range: < 2.10.2-r6
  - pkg:apk/chainguard/caddy-man, range: < 2.10.2-r6
  - pkg:apk/chainguard/caddy-src, range: < 2.10.2-r6
  - pkg:apk/wolfi/caddy, range: < 2.10.2-r6
  - pkg:apk/wolfi/caddy-man, range: < 2.10.2-r6
  - pkg:apk/wolfi/caddy-src, range: < 2.10.2-r6
  - pkg:golang/github.com/smallstep/certificates, range: < 0.29.0
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6, range: < 0.0.20251209T172047-150000.1.127.1
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6, range: < 0.0.20251209T172047-150000.1.127.1
References (5)
- github.com/advisories/GHSA-h8cp-697h-8c8p (source: GHSA, type: advisory)
- github.com/smallstep/certificates/commit/1011f5f5408b470a636f583bf74c0d7bbaf75d72 (source: GHSA, type: web)
- github.com/smallstep/certificates/security/advisories/GHSA-h8cp-697h-8c8p (source: NVD, type: web)
- talosintelligence.com/vulnerability_reports/TALOS-2025-2242 (source: NVD)
- www.talosintelligence.com/vulnerability_reports/TALOS-2025-2242 (source: NVD)