Upstream information
Description
An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.Other Security Trackers
SUSE information
Overall state of this security issue: Does not affect SUSE products
SUSE Bugzilla entry: 1255301 [NEW] No SUSE Security Announcements cross referenced.List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
SUSE Timeline for this CVE
CVE page created: Mon Dec 15 15:40:24 2025CVE page last modified: Thu Dec 18 13:44:37 2025