CRITICAL🇵🇱 Wersja polska

CVE-2025-56221

CVSS 9.8v3.1pub. 2025-10-17upd. 2025-10-27

A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack.

🤖 AI Analysis
How it works

The login mechanism in SigningHub v8.6.8 does not implement rate limiting, meaning it does not restrict the number of consecutive authentication attempts from a given source. An attacker can automatically send an unlimited number of login requests with various password combinations (brute force) until successfully guessing the correct credentials. The attack is possible remotely, without any prior permissions or victim interaction.

Impact

An attacker who successfully guesses login credentials gains full unauthorized access to a user or administrator account in the SigningHub system, which may result in violation of confidentiality, integrity, and availability of processed documents and data.

Mitigation & patch

Patches available from the vendor should be applied in accordance with references. Additionally, it is recommended to implement account blocking mechanisms or temporary IP address blocking after a specified number of failed login attempts, and to consider implementing multi-factor authentication (MFA) as an additional layer of protection.

Who is affected

Ascertia SigningHub v8.6.8

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ascertia Signinghub

    APP
    Ascertia
    ≤ 8.6.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-54321CRITICAL9.8PL ✓ten sam produkt

Brak rate limiting w funkcji resetowania hasła w Ascertia SigningHub

CVE-2025-56218CRITICAL9.8PL ✓ten sam produkt

Dowolne przesyłanie plików w SigningHub umożliwia RCE

CVE-2025-56219HIGH7.1ten sam produkt

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any ra...

CVE-2025-56223HIGH7.5ten sam produkt

A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to c...

CVE-2025-56224HIGH8.1ten sam produkt

A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attac...