CVE-2025-44005 | smallstep Step-CA 0.28.3/0.28.4 improper authorization (TALOS-2025-2242)

December 17, 2025 Yanac

A vulnerability was found in smallstep Step-CA 0.28.3/0.28.4 and classified as critical. Affected is an unknown function. The manipulation results in improper authorization.

This vulnerability is cataloged as CVE-2025-44005. The attack may be launched remotely. There is no exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More

CVE-2025-14836 | ZZCMS 2025 User Data Storage /reg/user_save.php cleartext storage in a file or on disk
CVE-2022-23851 | Netaxis API Orchestrator up to 0.19.2 special elements used in a template engine