{"id":"CVE-2025-44005","details":"An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.","aliases":["GHSA-h8cp-697h-8c8p","GO-2025-4180"],"modified":"2026-05-15T04:13:51.844262015Z","published":"2025-12-17T15:16:16.495Z","related":["CGA-ffjg-5f45-g48f","SUSE-SU-2025:4395-1"],"database_specific":{"cwe_ids":["CWE-287"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/44xxx/CVE-2025-44005.json","cna_assigner":"talos"},"references":[{"type":"WEB","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2242"},{"type":"WEB","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2242"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/44xxx/CVE-2025-44005.json"},{"type":"ADVISORY","url":"https://github.com/smallstep/certificates/security/advisories/GHSA-h8cp-697h-8c8p"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-44005"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"}]}