CVE-2025-47220

Published: Nov 13, 2025

Modified: Dec 17, 2025

PUBLISHED

Description

A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2 .The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an existing file, readable by the user running the application server, but is not a recognized image format, it will return this as an error to the clientside, confirming the existences of the file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://support.keyfactor.com

https://docs.keyfactor.com/signserver/latest/signserver-7-3-release-notes

https://support.keyfactor.com/hc/en-us/articles/37638761131035-SignServer-CVE-2025-47220-Local-file-enumeration

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-47220

Description

Affected Products

References