CVE-2025-47220: n/a
A local file enumeration was found in Keyfactor SignServer versions prior to 7.3.2. The property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which exists in the PDFSigner and the PAdESSigner, can be set to any path without any restrictions by an admin user. In the case that the provided path points to an existing file, readable by the user running the application server, but is not a recognized image format, it will return this as an error to the client side, confirming the existence of the file.
AI Analysis
Technical Summary
CVE-2025-47220 is a vulnerability identified in Keyfactor SignServer versions prior to 7.3.2, specifically affecting the PDFSigner and PAdESSigner modules. The issue stems from the property VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH, which can be set by an administrator to any arbitrary file path on the server without validation or restriction. When this path points to a file that exists and is readable by the application server user but is not a recognized image format, the server responds with an error message that reveals the file's existence to the client side. This behavior effectively enables local file enumeration, a form of information disclosure, by confirming the presence or absence of files on the server. The vulnerability requires administrative privileges to exploit, meaning that an attacker must already have elevated access to the SignServer environment. The vulnerability does not allow reading file contents, modifying files, or executing arbitrary code. The CVSS v3.1 base score is 5.3, reflecting a medium severity level due to the limited impact on confidentiality and no impact on integrity or availability. No known exploits have been reported in the wild as of the publication date. The vulnerability is categorized under CWE-284 (Improper Access Control), highlighting the lack of proper restrictions on the file path property. The absence of patch links suggests that users should verify with Keyfactor for updates or mitigations. Overall, this vulnerability represents a moderate risk primarily through information disclosure via file existence confirmation, which could aid further targeted attacks if combined with other vulnerabilities or insider threats.
Potential Impact
For European organizations, the primary impact of CVE-2025-47220 is information disclosure through local file enumeration on Keyfactor SignServer installations. While the vulnerability requires admin privileges, it can assist malicious insiders or attackers who have gained elevated access in mapping the file system and identifying sensitive files. This reconnaissance capability could facilitate subsequent attacks such as privilege escalation or data exfiltration. Organizations relying on digital signature services for document signing and validation, especially in regulated sectors like finance, healthcare, and government, may face increased risk if attackers leverage this vulnerability to gather intelligence about the server environment. Although the vulnerability does not directly compromise data integrity or availability, the exposure of file existence information could indirectly weaken security posture. European entities with strict data protection regulations (e.g., GDPR) must consider the potential for unauthorized information disclosure as a compliance risk. The absence of known exploits reduces immediate threat but does not eliminate the risk of future exploitation. Therefore, affected organizations should prioritize mitigation to prevent any escalation from this vulnerability.
Mitigation Recommendations
To mitigate CVE-2025-47220, European organizations should take the following specific actions:
1) Upgrade Keyfactor SignServer to version 7.3.2 or later, where the vulnerability is addressed. If an upgrade is not immediately possible, apply the remaining steps.
2) Restrict administrative access to the SignServer environment to only trusted personnel and enforce strong authentication and authorization controls to prevent unauthorized changes to the VISIBLE_SIGNATURE_CUSTOM_IMAGE_PATH property.
3) Implement monitoring and alerting for changes to configuration properties related to signature images to detect suspicious activity.
4) Conduct regular audits of file permissions and server user privileges to ensure that the application server user has minimal necessary access, limiting exposure of sensitive files.
5) Employ network segmentation and isolation for the SignServer infrastructure to reduce the attack surface.
6) Engage with Keyfactor support or security advisories to obtain any available patches or workarounds.
7) Educate administrators about the risks of improper configuration and the importance of validating file paths used in signature customization.
These measures collectively reduce the risk of exploitation and limit the potential impact of the vulnerability.
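As an added illustration (not code from SignServer or Keyfactor), the following Python contrasts the behaviour described above, where two distinct error messages act as a file-existence oracle, with a hardened resolver that confines the configured path to an allow-listed directory and answers every failure with one generic message. The directory layout, file names and function names are constructed for this example.

```python
import os
import tempfile

# Constructed sample layout for this example (not a SignServer install):
# an allow-listed image directory holding one PNG, plus an unrelated
# configuration file outside it that an admin-supplied path could point at.
ROOT = tempfile.mkdtemp()
IMAGE_DIR = os.path.join(ROOT, "signature-images")
os.makedirs(IMAGE_DIR)
with open(os.path.join(IMAGE_DIR, "logo.png"), "wb") as f:
    f.write(b"\x89PNG\r\n\x1a\n")  # PNG magic bytes; content is irrelevant here
with open(os.path.join(ROOT, "secret.conf"), "w") as f:
    f.write("not an image\n")

ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}
GENERIC_ERROR = "error: invalid custom image path"

def weak_resolve(path):
    """Models the pre-7.3.2 behaviour described above: the configured path is
    used as-is, and the error text differs between 'does not exist' and
    'exists but is not an image'. That difference is the existence oracle."""
    if not os.path.isfile(path):
        return "error: file not found"
    if os.path.splitext(path)[1].lower() not in ALLOWED_EXT:
        return "error: not a recognized image format"
    return "ok"

def hardened_resolve(path, allowed_dir=IMAGE_DIR):
    """Hypothetical mitigation (not Keyfactor's fix): canonicalise the path
    (realpath also follows symlinks), confine it to an allow-listed directory,
    require an image extension, and answer every failure with one generic
    message so the response no longer confirms whether a file exists."""
    real = os.path.realpath(path)
    base = os.path.realpath(allowed_dir)
    try:
        inside = os.path.commonpath([real, base]) == base
    except ValueError:          # different drives on Windows: never inside
        inside = False
    if not inside or os.path.splitext(real)[1].lower() not in ALLOWED_EXT:
        return GENERIC_ERROR
    if not os.path.isfile(real):
        return GENERIC_ERROR
    return "ok"
```

Alerting on changes to the property itself (recommendation 3 above) remains useful even with this check in place, since repeated edits to the path are the signal to watch for.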
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-05-02T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69164657819e592e58ce3a73
Added to database: 11/13/2025, 8:57:59 PM
Last enriched: 12/17/2025, 8:07:17 PM
Last updated: 12/29/2025, 8:15:09 AM