Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-44005
CVE-2025-44005:
Wolfi vulnerability analysis and mitigation
Summary
A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with ACME and/or SCEP provisioners.
All operators running these provisioners should upgrade to the latest release (v0.29.0) immediately.
The issue was discovered and disclosed by a research team during a security review. There is no evidence of active exploitation.
To limit exploitation risk during a coordinated disclosure window, we are withholding detailed technical information for now. A full write-up will be published in several weeks.
---
Embargo List
If your organization runs Step CA in production and would like advance, embargoed notification of future security updates, visit https://u.step.sm/disclosure to request inclusion on our embargo list.
Acknowledgements
This issue was identified and reported by Stephen Kubik of the Cisco Advanced Security Initiatives Group (ASIG)
Stay safe, and thank you for helping us keep the ecosystem secure.
Source: NVD
Related Wolfi vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management