Description
An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL.
Published: 2026-04-06
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Open Redirect
Action: Assess Impact
AI Analysis

Impact

This vulnerability is an open redirect in Ascertia SigningHub User v10.0 that allows attackers to craft URLs that redirect users to malicious destinations. The impact is primarily phishing or drive-by attacks, potentially compromising user credentials or delivering malware. The weakness is classified as CWE-601 (URL Redirection to Untrusted Site).

Affected Systems

The affected product is Ascertia SigningHub User, specifically version 10.0 and also version 8.6.8 as indicated by the CPE entries. No other vendors or products are listed.

Risk and Exploitability

The CVSS score is 6.1, indicating medium severity, while the EPSS score is below 1%, suggesting low exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to entice a user to click a maliciously crafted link; once the link is clicked, the user is redirected to a target site controlled by the attacker. The attack vector is remote via a crafted URL that the user follows.

Generated by OpenCVE AI on April 10, 2026 at 19:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Identify whether your deployment runs Ascertia SigningHub User 10.0 or 8.6.8.
  • Apply any available vendor patch or upgrade to the latest stable version that removes the redirect flaw.
  • If a patch is unavailable, configure the application to reject or validate redirect URLs, limiting redirects to trusted domains.
  • Monitor for suspicious redirect activity and train users to be cautious of unexpected URLs.
  • Contact Ascertia support for guidance if the issue persists.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Open Redirect in Ascertia SigningHub User v10.0

Fri, 10 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Ascertia signinghub
CPEs cpe:2.3:a:ascertia:signinghub:10.0:*:*:*:*:*:*:*
cpe:2.3:a:ascertia:signinghub:8.6.8:*:*:*:*:*:*:*
Vendors & Products Ascertia signinghub

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Ascertia
Ascertia signinghub User
Vendors & Products Ascertia
Ascertia signinghub User

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Open Redirect Vulnerability in Ascertia SigningHub User 10.0

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title Open Redirect Vulnerability in Ascertia SigningHub User 10.0
Weaknesses CWE-601
Metrics cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T19:31:38.527Z

Reserved: 2025-09-26T00:00:00.000Z

Link: CVE-2025-61166

Vulnrichment

Updated: 2026-04-06T19:29:36.282Z

NVD

Status: Analyzed

Published: 2026-04-06T18:16:41.070

Modified: 2026-04-10T18:40:32.187

Link: CVE-2025-61166

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:27:48Z

Weaknesses