An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.CreditsStephen Kubik of the Cisco Advanced Security Initiatives Group (ASIG)Referenceshttps://talosintelligence.com/vulnerability_reports/TALOS-2025-2242https://github.com/smallstep/certificates/security/advisories/GHSA-h8cp-697h-8c8p
