CVE-2025-54320

Published: Nov 18, 2025Modified: Nov 20, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.

Affected (1)

Products: Ascertia: Signinghub

Ascertia

1 product

Signinghub

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ascertia Signinghub	Up to 8.6.8

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

https://github.com/saykino/CVE-2025-54320

Source: cve@mitre.org

Third Party Advisory

https://www.ascertia.com/company/vulnerability-disclosure-policy/

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.