CRITICAL🇵🇱 Wersja polska

CVE-2025-56218

CVSS 9.8v3.1pub. 2025-10-17upd. 2026-07-05

An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) results from a lack of proper validation of uploaded files on the server side. An attacker can upload a crafted PDF file containing a malicious payload, which is then processed or executed by the application. This enables remote code execution (RCE) without the need for any permissions.

Impact

An attacker can gain full control of the server, including access to sensitive data, modification of system content, and disruption of its operation. It is possible to compromise the entire application environment without prior authentication.

Mitigation & patch

Apply patches available from the manufacturer according to references. Additionally, it is recommended to implement server-side controls that verify the type and content of uploaded files, as well as restrict the ability to execute files in directories where users can upload files.

Who is affected

Ascertia SigningHub in version 8.6.8

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ascertia Signinghub

    APP
    Ascertia
    ≤ 8.6.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-54321CRITICAL9.8PL ✓ten sam produkt

Brak rate limiting w funkcji resetowania hasła w Ascertia SigningHub

CVE-2025-56221CRITICAL9.8PL ✓ten sam produkt

Brak rate limiting w SigningHub umożliwia atak brute force na logowanie

CVE-2025-56219HIGH7.1ten sam produkt

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any ra...

CVE-2025-56223HIGH7.5ten sam produkt

A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to c...

CVE-2025-56224HIGH8.1ten sam produkt

A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attac...