CVE-2025-66406 | smallstep certificates up to 0.28.x SSH Certificate authorization (GHSA-j7c9-79×7-8hpr)

A vulnerability, which was classified as problematic, was found in smallstep certificates up to 0.28.x. Impacted is an unknown function of the component SSH Certificate Handler. Such manipulation leads to incorrect authorization.

This vulnerability is documented as CVE-2025-66406. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More