CVE-2025-54321

CRITICAL

Ascertia SigningHub <8.6.8 - DoS

Title source: llm

Description

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests.

Exploits (1)

nomisec WRITEUP

by saykino · poc

https://github.com/saykino/CVE-2025-54321

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://github.com/saykino/CVE-2025-54321

[Vendor Advisory] https://www.ascertia.com/company/vulnerability-disclosure-policy/

Scores

CVSS v3 9.8

EPSS 0.0002

EPSS Percentile 6.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-799

Status published

Products (1)

ascertia/signinghub < 8.6.8

Published Nov 18, 2025

Tracked Since Feb 18, 2026