Risk Scores
CVSS v3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS Score
0.02%
6.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | smallstep/certificates | 0 |
| smallstep | Step-CA | 0.28.4, v0.28.3 |
Timeline
- Dec 3, 2025 CVE Published
- Dec 6, 2025 PoC Published
- Dec 17, 2025 PoC Published
- Dec 17, 2025 PoC Published
- Dec 18, 2025 EPSS Score
- Dec 21, 2025 EPSS Score
- Dec 25, 2025 EPSS Score
- Dec 28, 2025 EPSS Score
- Dec 31, 2025 EPSS Score
- Jan 4, 2026 EPSS Score
- Jan 7, 2026 EPSS Score
- Jan 10, 2026 EPSS Score
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2025-2242 url
- https://github.com/smallstep/certificates/security/advisories/GHSA-h8cp-697h-8c8p url
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2242 url
- https://github.com/smallstep/certificates/commit/1011f5f5408b470a636f583bf74c0d7bbaf75d72 url
- https://github.com/smallstep/certificates package