# CVE-2025-54321 Reset Password Email Bombing
# Description
The reset password function does not implement rate limiting per target email address, which allows an email bombing attack against any account.
------------------------------------------
# CVSS Score: 7.1 (High)
------------------------------------------
# Attack Type
* Remote (Authenticated)
------------------------------------------
# Affected Versions
* 8.6.8 and earlier (<= 8.6.8)
------------------------------------------
# Vendor of Product
* Ascertia
------------------------------------------
# Affected Product Code Base
* SigningHub
------------------------------------------
# Affected Component
* Reset password function
------------------------------------------
# Mitigations
* Implement rate limiting on the reset password API, keyed on the target email address (and on the requesting client), so that repeated reset requests for the same address are throttled.
------------------------------------------
# Vulnerability Details
* There is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests to flood targeted user accounts with a high volume of password reset emails. This not only overwhelms the victim's mailbox, making it difficult to manage and locate legitimate emails, but also significantly impacts mail servers by consuming their resources. The increased load can cause performance degradation and, in severe cases, make the mail servers unresponsive or unavailable, disrupting email services for the entire organization.
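The following is an added illustration of the mitigation and of a matching log check; it is not SigningHub code and does not reflect how the vendor implemented the fix. It keeps a sliding window of reset requests per normalized target address (and per requesting client) so that a burst of requests for one account produces at most a few mails, while the endpoint's response stays identical whether or not a mail was sent. The second half runs the same window logic over constructed application log lines to flag addresses that received more reset requests than the policy allows, which is what a defender would look for in logs from an unpatched version. The window length, the limits, the log format and all names (`PasswordResetService`, `reset_bursts`, the sample addresses) are assumptions.

```python
"""Per-target rate limiting for a password-reset endpoint, plus a log check
for reset bursts.  Added illustration; not SigningHub code."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timezone
import re

# Policy values are illustrative assumptions, not vendor settings.
WINDOW_SECONDS = 3600      # sliding window length
MAX_PER_TARGET = 3         # reset mails allowed per target address per window
MAX_PER_CLIENT = 10        # reset requests allowed per requesting client per window

GENERIC_RESPONSE = "If an account exists for that address, a reset link has been sent."


def normalize_email(email: str) -> str:
    """Canonicalize so 'Victim@Example.com ' and 'victim@example.com' share one bucket."""
    return email.strip().lower()


@dataclass
class SlidingWindowLimiter:
    """Counts events per key inside a trailing window of `window` seconds."""
    window: int
    limit: int
    _events: dict = field(default_factory=lambda: defaultdict(deque))

    def allow(self, key: str, now: float) -> bool:
        q = self._events[key]
        # Drop timestamps that have fallen out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


@dataclass
class PasswordResetService:
    """Hypothetical reset endpoint: at most MAX_PER_TARGET mails per address
    per window, and a per-client cap so one session cannot spray many targets."""
    per_target: SlidingWindowLimiter = field(
        default_factory=lambda: SlidingWindowLimiter(WINDOW_SECONDS, MAX_PER_TARGET))
    per_client: SlidingWindowLimiter = field(
        default_factory=lambda: SlidingWindowLimiter(WINDOW_SECONDS, MAX_PER_CLIENT))
    sent: list = field(default_factory=list)       # stands in for the mail queue
    throttled: list = field(default_factory=list)  # server-side audit trail

    def request_reset(self, target_email: str, client_id: str, now: float) -> str:
        """Always returns the same generic message so the caller cannot tell
        whether a mail went out; the throttle decision is only recorded server-side."""
        target = normalize_email(target_email)
        if not self.per_client.allow(client_id, now):
            self.throttled.append(("client", client_id, now))
        elif not self.per_target.allow(target, now):
            self.throttled.append(("target", target, now))
        else:
            self.sent.append((target, now))
        return GENERIC_RESPONSE


# Constructed sample of application log lines (not real SigningHub output).
SAMPLE_LOG = """\
2025-07-01T10:00:01Z reset_request target=victim@example.com client=10.0.0.5
2025-07-01T10:00:02Z reset_request target=Victim@example.com client=10.0.0.5
2025-07-01T10:00:03Z reset_request target=victim@example.com client=10.0.0.5
2025-07-01T10:00:04Z reset_request target=victim@example.com client=10.0.0.5
2025-07-01T10:00:09Z reset_request target=alice@example.com client=10.0.0.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) reset_request target=(?P<target>\S+) client=(?P<client>\S+)$")


def reset_bursts(log_text: str, threshold: int = MAX_PER_TARGET,
                 window: int = WINDOW_SECONDS) -> dict:
    """Return {target: excess_count} for addresses that received more than
    `threshold` reset requests within `window` seconds, i.e. the requests the
    mitigation above would have refused."""
    limiter = SlidingWindowLimiter(window, threshold)
    over = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore unrelated log lines
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ") \
            .replace(tzinfo=timezone.utc).timestamp()
        if not limiter.allow(normalize_email(m["target"]), ts):
            over[normalize_email(m["target"])] += 1
    return dict(over)


if __name__ == "__main__":
    svc = PasswordResetService()
    for i in range(5):
        svc.request_reset("Victim@Example.com", "session-A", 1000 + i)
    print(f"mails sent: {len(svc.sent)}, throttled: {len(svc.throttled)}")
    print("bursts in sample log:", reset_bursts(SAMPLE_LOG))
```

Two design points matter here. The limiter is keyed on the normalized address, so case and whitespace variations of one mailbox share a single bucket, and the per-client cap is checked first so a single session cannot work around the per-target limit by rotating targets. The response text is constant on every path, which keeps the rate limiter from becoming an account-enumeration oracle.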
------------------------------------------
# Fixed Versions
* Versions later than 8.6.8 (> 8.6.8)
------------------------------------------
# Discoverer
* Yazan Abu-Nadi