Skip to main content

Red Hat CVE-2025-66406

| EUVDEUVD-2025-201014 MEDIUM
Incorrect Authorization (CWE-863)
2025-12-03 security-advisories@github.com GHSA-j7c9-79x7-8hpr
5.0
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.0 MEDIUM
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
SUSE
3.1 LOW
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
Red Hat
5.0 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 16:14 euvd
EUVD-2025-201014
Analysis Generated
Mar 15, 2026 - 16:14 vuln.today
CVE Published
Dec 03, 2025 - 20:16 nvd
MEDIUM 5.0

DescriptionGitHub Advisory

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0.

AnalysisAI

A security vulnerability in Step CA (CVSS 5.0). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-863 (Incorrect Authorization). Affects Step CA.

RemediationAI

Monitor vendor channels for patch availability.

Vendor StatusVendor

SUSE

Severity: Low

Share

CVE-2025-66406 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy