SigningHub
CVE-2025-56218
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Network-reachable low-complexity file upload to RCE, but upload features on a signing platform normally require an account, so PR:L rather than PR:N; full C/I/A impact from code execution.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
AnalysisAI
Arbitrary code execution in Ascertia SigningHub v8.6.8 stems from an unrestricted file upload weakness that lets an attacker upload a crafted PDF which is processed or stored in a way that yields server-side code execution. SigningHub is an enterprise/e-government digital signature and document workflow platform, so a compromise exposes signing keys, signed documents, and the workflow backend. Publicly available exploit code exists (GitHub PoC referenced), but there is no public exploit identified as actively used; EPSS is modest at 0.67% (47th percentile) and it is not in CISA KEV.
Technical ContextAI
SigningHub by Ascertia is a document signing and workflow web application that ingests PDF documents for signature workflows (CPE cpe:2.3:a:ascertia:signinghub). The root cause is CWE-434 (Unrestricted Upload of File with Dangerous Type): the upload handler accepts a crafted PDF without adequately validating file type, content, or the eventual storage/execution path, allowing an uploaded file to be interpreted as executable code by the server. In signing platforms, PDF ingestion pipelines often invoke rendering, parsing, or conversion components, any of which can be abused when input validation is insufficient - turning a document-processing feature into a code-execution primitive.
RemediationAI
No vendor-released patch version is identified in the available data, so contact Ascertia (http://signinghub.com) directly for a fixed build and advisory rather than relying on an assumed version number. As compensating controls, restrict network access to the SigningHub upload endpoints to trusted, authenticated users only and place the application behind a reverse proxy or WAF that enforces strict PDF content-type and magic-byte validation (trade-off: may reject legitimate but unusual documents); disable or sandbox any server-side PDF rendering/conversion component and run the upload/processing service under a least-privilege, non-executable storage directory so uploaded files cannot be executed (trade-off: may break preview or conversion features); and monitor upload directories for unexpected script/executable files. Remove any anonymous access to upload functionality until a patch is confirmed.
More in Signinghub
View allAuthentication bypass in Ascertia SigningHub v8.6.8 lets remote unauthenticated attackers brute-force the One-Time Passw
Denial of service in Ascertia SigningHub v8.6.8 stems from a missing rate limit on the /Home/UploadStreamDocument endpoi
Uncontrolled account creation in Ascertia SigningHub v8.6.8 allows an attacker to repeatedly add user accounts with no r
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an ema
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email
Share
External POC / Exploit Code
Leaving vuln.today