CRITICAL🇵🇱 Wersja polska

CVE-2025-54321

CVSS 9.8v3.1pub. 2025-11-18upd. 2025-11-20

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests.

🤖 AI Analysis
How it works

The password reset function in the application does not have a rate limiting mechanism, i.e., it does not limit the number of requests sent by one user in a specified time period. An authenticated attacker can automate sending password reset requests, causing hundreds or thousands of email messages to be generated to the target user. This results in flooding the victim's mailbox (email bombing), which can lead to disruption of their operations.

Impact

An attacker can flood the mailbox of a selected user with a mass of automatically generated email messages containing password reset links, leading to disruption of the victim's email service availability and potential impediment to their work.

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. It is recommended to review the vulnerability disclosure policy published by Ascertia at the address indicated in the references.

Who is affected

Ascertia SigningHub in versions up to and including 8.6.8

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ascertia Signinghub

    APP
    Ascertia
    ≤ 8.6.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-56221CRITICAL9.8PL ✓ten sam produkt

Brak rate limiting w SigningHub umożliwia atak brute force na logowanie

CVE-2025-56218CRITICAL9.8PL ✓ten sam produkt

Dowolne przesyłanie plików w SigningHub umożliwia RCE

CVE-2025-56219HIGH7.1ten sam produkt

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any ra...

CVE-2025-56223HIGH7.5ten sam produkt

A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to c...

CVE-2025-56224HIGH8.1ten sam produkt

A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attac...