CVE-2025-56218
Published: 17 October 2025
Description
Adversaries may send spearphishing messages via third-party services in an attempt to gain access to victim systems.
Security Summary
CVE-2025-56218 is an arbitrary file upload vulnerability in SigningHub version 8.6.8 that enables attackers to execute arbitrary code by uploading a crafted PDF file. This issue, published on 2025-10-17, is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its high impact on confidentiality, integrity, and availability.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. By uploading a specially crafted PDF file, attackers achieve arbitrary code execution on the targeted SigningHub instance, potentially leading to full system compromise.
Mitigation guidance and further details are available in vendor advisories from Ascertia (http://ascertia.com), SigningHub (http://signinghub.com), and the GitHub repository documenting the vulnerability (https://github.com/saykino/CVE-2025-56218).
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file upload vulnerability in web-based SigningHub enables exploitation of a public-facing application (T1190) and facilitates spearphishing via service (T1566.003) by uploading crafted files (Excel/PDF with scripts or disguised phishing URLs) that are converted and delivered to recipients, leading to malicious file (T1566.001) or link (T1566.002) execution upon interaction.