PT-2025-42226 · Unknown · Signinghub
Published: 2025-10-14 · Updated: 2025-10-27 · CVE-2025-56224
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SigningHub version 8.6.8
Description
A missing rate limit in the One-Time Password (OTP) verification endpoint allows attackers to bypass verification through a brute-force attack. An attacker can impersonate another user’s mobile number and verify it without knowing the OTP code.
Recommendations
Apply a rate limit to the OTP verification endpoint to prevent brute-force attacks.
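One way to enforce the recommended limit, as an added example (not SigningHub's code or its fix): failed guesses are counted per phone number, and reaching the cap burns the outstanding code and blocks re-issue, so requesting a fresh OTP does not reset the count. The class name, thresholds and in-memory storage are assumptions.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5        # assumed policy values, not taken from the advisory
OTP_TTL_SECONDS = 300
LOCKOUT_SECONDS = 900

class OtpVerifier:
    """In-memory sketch; a multi-node service needs a shared, atomic store."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._codes = {}     # phone -> (code, expires_at)
        self._failures = {}  # phone -> (failed_count, locked_until)

    def _locked(self, phone):
        count, locked_until = self._failures.get(phone, (0, 0.0))
        if count < MAX_ATTEMPTS:
            return False
        if self._clock() < locked_until:
            return True
        del self._failures[phone]  # lockout served, start a fresh count
        return False

    def issue(self, phone):
        """Create a code for delivery by SMS; refuse while the number is locked."""
        if self._locked(phone):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._codes[phone] = (code, self._clock() + OTP_TTL_SECONDS)
        return code

    def verify(self, phone, submitted):
        if self._locked(phone):
            return "locked"  # even the correct code is rejected now
        code, expires_at = self._codes.get(phone, (None, 0.0))
        if code is None or self._clock() >= expires_at:
            self._codes.pop(phone, None)
            return "no_valid_code"
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._codes[phone]  # single use
            self._failures.pop(phone, None)
            return "verified"
        count = self._failures.get(phone, (0, 0.0))[0] + 1
        self._failures[phone] = (count, self._clock() + LOCKOUT_SECONDS)
        if count >= MAX_ATTEMPTS:
            self._codes.pop(phone, None)  # burn the code being guessed
            return "locked"
        return "invalid"
```

Keying the counter on the phone number rather than the client IP or session keeps the cap in force when guesses arrive from many sources.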
Exploit
Fix
Improper Restriction of Excessive Authentication Attempts
Related Identifiers
Affected Products
Signinghub