PT-2025-47088 · Ascertia · Ascertia Signinghub
Published
2025-11-16
·
Updated
2025-11-19
·
CVE-2025-54320
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Ascertia SigningHub versions through 8.6.8
Description
A lack of rate limiting on the invite user function allows for an email bombing attack. An authenticated attacker can automate invite requests to a target email address.
Recommendations
Apply rate limiting to the invite user function.
Exploit
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ascertia Signinghub