CVE-2025-54320

MEDIUM

Ascertia SigningHub <= 8.6.8 - Authenticated Email Bombing via Invite User Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-54320. PoCs published by saykino.

AI-analyzed exploit summary This repository provides a detailed technical writeup for CVE-2025-54320, an email bombing vulnerability in Ascertia SigningHub's Invite User API due to lack of rate limiting. It includes affected versions, mitigation steps, and vulnerability details but lacks functional exploit code.

Description

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.

Exploits (1)

nomisec WRITEUP

by saykino · poc

https://github.com/saykino/CVE-2025-54320

View Code ZIP pw:eip

This repository provides a detailed technical writeup for CVE-2025-54320, an email bombing vulnerability in Ascertia SigningHub's Invite User API due to lack of rate limiting. It includes affected versions, mitigation steps, and vulnerability details but lacks functional exploit code.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Ascertia SigningHub <= 8.6.8

Auth required

Prerequisites: Authenticated access to the Invite User API

MITRE ATT&CK

T1499.003 - Application Exhaustion Flood

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/saykino/CVE-2025-54320

Vendor Advisory

https://www.ascertia.com/company/vulnerability-disclosure-policy/

Scores

CVSS v3 4.3

EPSS 0.0028

EPSS Percentile 19.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (1)

ascertia/signinghub < 8.6.8

Published Nov 18, 2025

Tracked Since Feb 18, 2026