PT-2025-48988 · Step Ca

Published: 2025-12-03 · Updated: 2026-01-30 · CVE-2025-66406

CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions: Step CA versions prior to 0.29.0
Description: Step CA is an online certificate authority for secure, automated certificate management for DevOps. A flaw exists in the authorization check for SSH certificate revocation, specifically impacting deployments configured with the SSHPOP provisioner. This issue allows for potential unauthorized actions related to SSH certificate revocation.
Recommendations: Update to version 0.29.0 or later.

Weakness Enumeration: Improper Authorization; Incorrect Authorization

Related Identifiers:

CLEANSTART-2026-KV78041
CVE-2025-66406
GHSA-J7C9-79X7-8HPR
GO-2025-4181
SUSE-SU-2025:4395-1

Affected Products:

Step Ca