CVE-2025-54799
CVE-2025-54799 affects the Lets Encrypt Go-based client and the lego v4/acme/api package. In 4.25.1 and earlier, the library does not enforce HTTPS when the ACME client communicates with CAs, applying to both the initial discover URL and the URLs returned in directory/order objects. If an HTTP UR...