Skip to main content
CVE-2025-56218 CRITICAL Act Now

Arbitrary code execution in Ascertia SigningHub v8.6.8 stems from an unrestricted file upload weakness that lets an attacker upload a crafted PDF which is processed or stored in a way that yields server-side code execution. SigningHub is an enterprise/e-government digital signature and document workflow platform, so a compromise exposes signing keys, signed documents, and the workflow backend. Publicly available exploit code exists (GitHub PoC referenced), but there is no public exploit identified as actively used; EPSS is modest at 0.67% (47th percentile) and it is not in CISA KEV.

RCE File Upload Signinghub
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-57567 CRITICAL Act Now

Authenticated remote code execution in the PluXml flat-file CMS lets an administrator abuse the built-in theme editor to overwrite /themes/defaut/css/minify.php with arbitrary PHP, turning legitimate admin file-editing into full server command execution. The flaw (CWE-94 code injection) requires high privileges (admin) but no user interaction, and its CVSS 3.1 score of 9.1 reflects a scope change from the web application to the underlying OS. No public exploit code is confirmed beyond a vulnerability-disclosure PDF, and EPSS is low (0.90%), consistent with an admin-only prerequisite.

Code Injection PHP RCE
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy