CVE-2025-66406

Vulnerability Description

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0.

Vulnerability Details

Published Date

December 03, 2025

Last Modified

December 04, 2025

Source

NVD

CVE-2025-66406

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment