Signinghub
CVE-2025-56219
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
1DescriptionCVE.org
Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created.
AnalysisAI
Uncontrolled account creation in Ascertia SigningHub v8.6.8 allows an attacker to repeatedly add user accounts with no rate limiting, driving resource exhaustion and a denial-of-service condition on the e-signature platform. The flaw stems from improper access control (CWE-284) around the account-provisioning function and is exploitable over the network by a low-privileged actor per the CVSS vector (PR:L). Publicly available exploit code exists (GitHub saykino/CVE-2025-56219), but there is no confirmed active exploitation and EPSS remains low at 0.37% (29th percentile).
More in Signinghub
View allArbitrary code execution in Ascertia SigningHub v8.6.8 stems from an unrestricted file upload weakness that lets an atta
Authentication bypass in Ascertia SigningHub v8.6.8 lets remote unauthenticated attackers brute-force the One-Time Passw
Denial of service in Ascertia SigningHub v8.6.8 stems from a missing rate limit on the /Home/UploadStreamDocument endpoi
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an ema
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today