CVE-2025-44005
smallstep · Step-CA
An authorization bypass in smallstep Step-CA allows attackers to force the creation of certificates without completing required protocol authorization checks.
Executive summary
A critical authorization bypass in smallstep Step-CA allows unauthenticated attackers to issue unauthorized certificates, undermining the integrity of the PKI infrastructure.
Vulnerability
This vulnerability involves an improper authentication flaw (CWE-287) in the ACME and SCEP provisioners. An unauthenticated attacker can bypass authorization checks to force the issuance of certificates without fulfilling the necessary protocol requirements.
Business impact
With a CVSS score of 10.0, this vulnerability allows for the unauthorized issuance of valid certificates, which can be used to impersonate services or intercept encrypted traffic. This represents a total loss of trust in the certificate authority's issuance process, leading to significant reputational damage and security risk.
Remediation
Immediate Action: Update smallstep Step-CA to the latest patched version. Review all certificate issuance logs for suspicious activity occurring since an affected version was deployed.
Proactive Monitoring: Monitor ACME and SCEP logs for anomalous certificate requests or requests that lack proper authorization headers.
Compensating Controls: If immediate updates are not possible, restrict access to the ACME/SCEP endpoints via network-level controls to trusted IP addresses only.
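As an added example (not from this advisory or from smallstep), the log-review step above can be expressed as a correlation check: flag any certificate issuance for which fewer validated challenges than order identifiers, or no order creation at all, were observed beforehand. The event schema, field names and sample records are constructed for this example and do not follow step-ca's real log format.

```python
# Added example: correlate ACME events so that an issuance without a completed
# authorization stands out. Event schema and sample records are constructed.
from dataclasses import dataclass

# Hypothetical event kinds (assumed schema, not step-ca's own names).
NEW_ORDER = "new-order"              # client created an order with N identifiers
CHALLENGE_VALID = "challenge-valid"  # CA verified one challenge for the order
CERT_ISSUED = "certificate-issued"   # CA signed and returned a certificate

@dataclass
class Event:
    ts: str               # ISO-8601 timestamp, so string order == time order
    order: str            # ACME order id
    kind: str
    identifiers: int = 0  # only meaningful for NEW_ORDER

def find_unauthorized_issuance(events: list) -> list:
    """Return order ids whose certificate was issued although fewer validated
    challenges than identifiers (or no order creation at all) were seen first."""
    expected: dict = {}    # order id -> number of identifiers to validate
    validated: dict = {}   # order id -> validated challenges observed so far
    suspicious: list = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == NEW_ORDER:
            expected[ev.order] = ev.identifiers
            validated[ev.order] = 0
        elif ev.kind == CHALLENGE_VALID:
            validated[ev.order] = validated.get(ev.order, 0) + 1
        elif ev.kind == CERT_ISSUED:
            need = expected.get(ev.order)
            # Unknown order, or fewer validations than identifiers: flag it.
            if need is None or validated.get(ev.order, 0) < need:
                suspicious.append(ev.order)
    return suspicious

# Constructed sample: A is a normal two-identifier order; B was issued with no
# validated challenge; C was never created; D validated only one of two names.
SAMPLE_EVENTS = [
    Event("2025-05-01T10:00:00Z", "A", NEW_ORDER, identifiers=2),
    Event("2025-05-01T10:00:05Z", "A", CHALLENGE_VALID),
    Event("2025-05-01T10:00:06Z", "A", CHALLENGE_VALID),
    Event("2025-05-01T10:00:10Z", "A", CERT_ISSUED),
    Event("2025-05-01T10:01:00Z", "B", NEW_ORDER, identifiers=1),
    Event("2025-05-01T10:01:02Z", "B", CERT_ISSUED),
    Event("2025-05-01T10:02:00Z", "C", CERT_ISSUED),
    Event("2025-05-01T10:03:00Z", "D", NEW_ORDER, identifiers=2),
    Event("2025-05-01T10:03:04Z", "D", CHALLENGE_VALID),
    Event("2025-05-01T10:03:09Z", "D", CERT_ISSUED),
]
```

Running `find_unauthorized_issuance(SAMPLE_EVENTS)` returns `['B', 'C', 'D']`; the same pattern applies to SCEP if the log records challenge-password verification before each PKIOperation issuance.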
Exploitation status
Public Exploit Available: Yes (Proof-of-Concept)
Analyst recommendation
This is a critical vulnerability with confirmed Proof-of-Concept availability. Organizations must prioritize patching their Step-CA deployments immediately to prevent the unauthorized issuance of certificates and maintain the integrity of their PKI environment.