CVE-2025-56218

Critical CVSS: 9.8

An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.

Vendor

Product

CWE

Yayın Tarihi

2025-10-17 19:15:37

Güncelleme

2025-10-27 14:28:09

Source Identifier

cve@mitre.org

KEV Date Added

CWE-434 Signinghub CRITICAL Ascertia 2025

http://ascertia.com http://signinghub.com https://github.com/saykino/CVE-2025-56218

Critical

CVE-2025-54321

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an ema…

Medium

CVE-2025-54320

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email…

High

CVE-2025-56219

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limitin…

High

CVE-2025-56223

A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Den…

High

CVE-2025-56224

A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to by…

Critical

CVE-2025-56221

A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brut…