| id: GO-2025-4181 |
| modules: |
| - module: github.com/smallstep/certificates |
| versions: |
| - fixed: 0.29.0 |
| vulnerable_at: 0.29.0-rc1 |
| summary: step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates |
| cves: |
| - CVE-2025-66406 |
| ghsas: |
| - GHSA-j7c9-79x7-8hpr |
| references: |
| - advisory: https://github.com/smallstep/certificates/security/advisories/GHSA-j7c9-79x7-8hpr |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-66406 |
| source: |
| id: GHSA-j7c9-79x7-8hpr |
| created: 2025-12-05T21:39:46.086482221Z |
| review_status: UNREVIEWED |
