Skip to main content

SigningHub CVE-2025-56218

CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2025-10-17 cve@mitre.org
9.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable low-complexity file upload to RCE, but upload features on a signing platform normally require an account, so PR:L rather than PR:N; full C/I/A impact from code execution.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 02:55 vuln.today

DescriptionCVE.org

An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.

AnalysisAI

Arbitrary code execution in Ascertia SigningHub v8.6.8 stems from an unrestricted file upload weakness that lets an attacker upload a crafted PDF which is processed or stored in a way that yields server-side code execution. SigningHub is an enterprise/e-government digital signature and document workflow platform, so a compromise exposes signing keys, signed documents, and the workflow backend. Publicly available exploit code exists (GitHub PoC referenced), but there is no public exploit identified as actively used; EPSS is modest at 0.67% (47th percentile) and it is not in CISA KEV.

Technical ContextAI

SigningHub by Ascertia is a document signing and workflow web application that ingests PDF documents for signature workflows (CPE cpe:2.3:a:ascertia:signinghub). The root cause is CWE-434 (Unrestricted Upload of File with Dangerous Type): the upload handler accepts a crafted PDF without adequately validating file type, content, or the eventual storage/execution path, allowing an uploaded file to be interpreted as executable code by the server. In signing platforms, PDF ingestion pipelines often invoke rendering, parsing, or conversion components, any of which can be abused when input validation is insufficient - turning a document-processing feature into a code-execution primitive.

RemediationAI

No vendor-released patch version is identified in the available data, so contact Ascertia (http://signinghub.com) directly for a fixed build and advisory rather than relying on an assumed version number. As compensating controls, restrict network access to the SigningHub upload endpoints to trusted, authenticated users only and place the application behind a reverse proxy or WAF that enforces strict PDF content-type and magic-byte validation (trade-off: may reject legitimate but unusual documents); disable or sandbox any server-side PDF rendering/conversion component and run the upload/processing service under a least-privilege, non-executable storage directory so uploaded files cannot be executed (trade-off: may break preview or conversion features); and monitor upload directories for unexpected script/executable files. Remove any anonymous access to upload functionality until a patch is confirmed.

Share

CVE-2025-56218 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy