ascertia 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk open redirect and vendor risk denial of service などに関し、一部は アプリケーションクラッシュ and ファイル上書き を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-61166 | An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL. | [email protected] | 6.1 | 0.18% | 2026-04-06 | 2026-06-17 |
| CVE-2025-54321 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests. | [email protected] | 9.8 | 0.40% | 2025-11-18 | 2026-06-17 |
| CVE-2025-54320 | In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating invite requests. | [email protected] | 4.3 | 0.28% | 2025-11-18 | 2026-06-17 |
| CVE-2025-56224 | A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack. | [email protected] | 8.1 | 0.46% | 2025-10-20 | 2026-06-17 |
| CVE-2025-56223 | A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files. | [email protected] | 7.5 | 0.49% | 2025-10-20 | 2026-06-17 |
| CVE-2025-56219 | Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created. | [email protected] | 7.1 | 0.37% | 2025-10-20 | 2026-06-17 |
| CVE-2025-56221 | A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack. | [email protected] | 9.8 | 0.57% | 2025-10-17 | 2026-06-17 |
| CVE-2025-56218 | An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file. | [email protected] | 9.8 | 0.67% | 2025-10-17 | 2026-06-17 |