# CVE-2025-54320 Invite User Email Bombing
Description
The invitation API does not implement rate limiting for the target email address. This allows for an Email Bombing attack.
------------------------------------------
CVSS Score: 7.1 (High)
------------------------------------------
Attack Type
* Remote (Authenticated)
------------------------------------------
Affected Versions
* Versions <= 8.6.8
------------------------------------------
Vendor of Product
* Ascertia
------------------------------------------
Affected Product Code Base
* SigningHub
------------------------------------------
Affected Component
* Invite User API.
------------------------------------------
Mitigations
* Implement rate limiting for the Invite User API.
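
One way to apply this mitigation is a sliding-window limiter keyed on the normalized target email address, with a second limit per inviting account. This is an added example, not SigningHub or Ascertia code. The class name, the limits, and the in-memory store are assumptions; a multi-node deployment would keep the counters in a shared store.

```python
import time
from collections import defaultdict, deque


class InviteRateLimiter:
    """Sliding-window limits on invite emails, keyed by recipient and by inviter."""

    def __init__(self, per_recipient=3, per_inviter=20, window_s=3600,
                 clock=time.monotonic):
        # Assumed limits: 3 invites per recipient and 20 per inviter per hour.
        self.limits = {"recipient": per_recipient, "inviter": per_inviter}
        self.window_s = window_s
        self.clock = clock  # injectable so the window can be tested deterministically
        self.events = defaultdict(deque)  # (kind, key) -> timestamps of sent invites

    @staticmethod
    def normalize(email):
        # Fold case and surrounding whitespace so trivially different spellings
        # of one address share a counter. Provider-specific aliasing is not collapsed.
        local, _, domain = email.strip().lower().rpartition("@")
        if not local or not domain:
            raise ValueError("invalid email address")
        return f"{local}@{domain}"

    def _count(self, bucket, now):
        # Drop timestamps that have left the window, then count what remains.
        q = self.events[bucket]
        while q and now - q[0] >= self.window_s:
            q.popleft()
        return len(q)

    def allow(self, inviter_id, recipient_email):
        """Return True and record the invite if both limits permit it, else False."""
        now = self.clock()
        buckets = [("recipient", self.normalize(recipient_email)),
                   ("inviter", str(inviter_id))]
        # Check every bucket before recording, so a rejected request uses no quota.
        if any(self._count(b, now) >= self.limits[b[0]] for b in buckets):
            return False
        for b in buckets:
            self.events[b].append(now)
        return True
```

The invite handler would call `allow()` before queuing the email and return HTTP 429 when it yields `False`. Because the recipient counter is shared across accounts, spreading requests over several authenticated users does not raise the volume one address can receive.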
------------------------------------------
Vulnerability Details
* An attacker can flood a target's inbox with a large volume of invite emails in a short period of time.
------------------------------------------
Fixed versions
* Versions > 8.6.8
------------------------------------------
Discovered By:
* Yazan Abu-Nadi