CVE-2025-54321
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-20
Assigner: MITRE
Description
Description
In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ascertia | signinghub | to 8.6.8 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-799 | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Ascertia SigningHub through version 8.6.8, where the reset password function lacks rate limiting. This allows an authenticated attacker to automate multiple reset password requests, potentially leading to an email bombing attack.
How can this vulnerability impact me? :
The vulnerability can be exploited to send a large number of password reset emails to a target, which may overwhelm the recipient's email inbox or email server, causing denial of service or disruption to normal email operations.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70