A high-severity vulnerability has been discovered in multiple DigiSigner products, identified as CVE-2025-59684 with a CVSS score of 8.8. This flaw could allow an unauthenticated remote attacker to execute arbitrary code on affected systems, potentially leading to a full system compromise, data theft, and service disruption. Organizations using the affected software are at significant risk and should take immediate action to mitigate this threat.

This vulnerability is a remote code execution (RCE) flaw within the document processing component of DigiSigner software. An unauthenticated remote attacker can exploit this by crafting a malicious document (e.g., a PDF or DOCX file) and uploading it to the affected server. When the application attempts to parse this specially crafted file, a critical flaw such as a buffer overflow or unsafe deserialization is triggered, allowing the attacker to execute arbitrary code with the privileges of the DigiSigner service account.

This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could have a severe impact on the business, leading to a complete compromise of the server hosting the DigiSigner software. Potential consequences include the theft of sensitive documents, personally identifiable information (PII), and user credentials processed by the application. Furthermore, an attacker could use the compromised system as a pivot point to move laterally within the corporate network, disrupt business operations by causing a denial of service, or tarnish the organization's reputation.

Immediate Action: Apply the security updates released by DigiSigner across all affected systems immediately. Prioritize patching for internet-facing servers to minimize the attack surface. After applying the patch, it is critical to review system and application logs for any signs of compromise that may have occurred prior to remediation.

Proactive Monitoring: Implement enhanced monitoring for indicators of compromise. Security teams should look for unusual child processes spawned by the DigiSigner application, unexpected outbound network connections from the host server, and error logs related to document parsing failures. Monitor network traffic for signatures associated with exploitation attempts or data exfiltration.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls:

• Use a Web Application Firewall (WAF) with rules designed to inspect and block malformed or suspicious file uploads.
• Isolate the servers running DigiSigner in a segmented network zone to limit an attacker's ability to move laterally.
• Restrict access to the application to only trusted IP ranges if possible.

Public Exploit Available: false

This vulnerability represents a significant and immediate risk to the organization. Given the high CVSS score of 8.8, we strongly recommend that the vendor-supplied patches be applied on an emergency basis. Although this vulnerability is not currently on the CISA KEV list, its severity makes it a prime candidate for future inclusion and a top priority for remediation. All system owners must confirm that the patch has been deployed and that systems are being actively monitored for any post-patching signs of malicious activity.