Smallstep A.I CyberSecurity Scoring
Smallstep
Company Information
Website:https://smallstep.com/
Employees number:32
Number of followers:2,368
NAICS:541514
Industry Type:Computer and Network Security
Homepage:smallstep.com
Smallstep Risk Score (AI oriented)
Between 700 and 749
SmallstepComputer and Network Security
Updated:
01/04/2026
01/04/2026
749/1000
Moderate
Ba
Smallstep Global Score (TPRM)
xxxx
SmallstepComputer and Network Security
Score locked

SmallstepModerate
Current Score
749Ba (MODERATE)
01000
1 incidents
-1 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
749
JUNE 2026
749
MAY 2026
749
APRIL 2026
749
MARCH 2026
749
FEBRUARY 2026
748
JANUARY 2026
748
DECEMBER 2025
749
Vulnerability
17 Dec 2025 • Smallstep
Smallstep: Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities
Cisco Talos Discloses Critical Vulnerabilities in Medical and Security Software Libraries
748
CRITICAL-1
SMA1774456850
Cisco Talos Discloses Critical Vulnerabilities in Medical and Security Software Libraries
Cisco Talos’ Vulnerability Discovery & Research team recently uncovered and disclosed multiple vulnerabilities in three widely used software libraries: Libbiosig, Grassroot DICOM, and Smallstep step-ca. While patches have been released for most flaws, the Grassroot DICOM vulnerabilities remain unpatched zero-days.
### Libbiosig: Stack-Based Buffer Overflows
Researcher Mark Bereza identified six stack-based buffer overflow vulnerabilities (TALOS-2025-2296, CVE-2025-66043–CVE-2025-66048) in Libbiosig 3.9.1, an open-source library for biomedical signal processing. The flaws reside in the MFER parsing functionality, allowing attackers to execute arbitrary code by supplying a maliciously crafted MFER file.
### Grassroot DICOM: Zero-Day Information Leaks
Emmanuel Tacheau discovered three out-of-bounds read vulnerabilities in Grassroot DICOM, a C++ library for medical imaging files. The flaws (TALOS-2025-2210, TALOS-2025-2211, TALOS-2025-2214) can expose sensitive data, including heap memory, when processing malicious files. Unlike the other vulnerabilities, these remain unpatched zero-days.
### Smallstep step-ca: Additional Flaws
Researcher Stephen Kubik of Cisco’s Advanced Security Initiatives Group (ASIG) identified vulnerabilities in Smallstep step-ca, a certificate authority (CA) tool. Details on these flaws were not fully disclosed in the article, but patches have been issued.
### Impact & Response
The vulnerabilities affect systems processing medical imaging, biomedical signals, and certificate management. While Libbiosig and Smallstep step-ca have released fixes, organizations using Grassroot DICOM should exercise caution until patches are available. Cisco Talos has provided detection rules via Snort to help identify exploitation attempts.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
749
OCTOBER 2025
749
SEPTEMBER 2025
749
AUGUST 2025
749
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Smallstep ??
What was Smallstep's A.I Rankiteo Cyber Score in June 2026 ??
What was Smallstep's A.I Rankiteo Cyber Score in May 2026 ??
What was Smallstep's A.I Rankiteo Cyber Score in April 2026 ??
What was Smallstep's A.I Rankiteo Cyber Score in March 2026 ??
What was Smallstep's A.I Rankiteo Cyber Score in February 2026 ??
What was Smallstep's A.I Rankiteo Cyber Score in January 2026 ??
What was Smallstep's A.I Rankiteo Cyber Score in December 2025 ??
What was Smallstep's A.I Rankiteo Cyber Score in November 2025 ??
What was Smallstep's A.I Rankiteo Cyber Score in October 2025 ??
What was Smallstep's A.I Rankiteo Cyber Score in September 2025 ??
What was Smallstep's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Smallstep's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Smallstep ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Smallstep's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?