CVE-2025-54320
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-20
Assigner: MITRE
Description
Description
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ascertia | signinghub | to 8.6.8 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can be exploited to send a large volume of unwanted invitation emails to users, potentially causing disruption, annoyance, or denial of service through email flooding.
Can you explain this vulnerability to me?
This vulnerability exists in Ascertia SigningHub through version 8.6.8, where the invite user function does not have rate limiting. This allows an authenticated attacker to repeatedly send invite requests automatically, resulting in an email bombing attack.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70