VDB

CVE-2025-66406

CVE-2025-66406 PUBLISHED CVSS 5 MEDIUM

step-ca Has Improper Authorization Check for SSH Certificate Revocation

EPSS 0.03% · 8.3th percentile

Risk Scores

CVSS v3.1
5
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
EPSS Score
0.03%
8.3th percentile

Affected Products

VendorProductVersions
smallstepcertificates< 0.29.0
github.comsmallstep/certificates0

Timeline

  • Dec 3, 2025 CVE Published
  • Dec 4, 2025 EPSS Score
  • Dec 8, 2025 EPSS Score
  • Dec 13, 2025 EPSS Score
  • Dec 17, 2025 EPSS Score
  • Dec 20, 2025 CVE Updated
  • Dec 21, 2025 EPSS Score
  • Dec 26, 2025 EPSS Score
  • Dec 30, 2025 EPSS Score
  • Jan 3, 2026 EPSS Score
  • Jan 8, 2026 EPSS Score
  • Jan 12, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›