Severity by source
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
4DescriptionGitHub Advisory
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0.
AnalysisAI
A security vulnerability in Step CA (CVSS 5.0). Remediation should follow standard vulnerability management procedures.
Technical ContextAI
CWE-863 (Incorrect Authorization). Affects Step CA.
RemediationAI
Monitor vendor channels for patch availability.
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allVendor StatusVendor
SUSE
Severity: LowShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-201014
GHSA-j7c9-79x7-8hpr