Plattform
other
Komponente
stirling-pdf
Behoben in
1.1.1
CVE-2025-55161 describes a Server-Side Request Forgery (SSRF) vulnerability affecting Stirling-PDF versions up to 1.1.0. This flaw allows attackers to bypass the intended security sanitization within the Markdown to PDF conversion process, potentially enabling unauthorized access to internal resources. The vulnerability has been addressed in version 1.1.0, and users are strongly advised to upgrade.
The SSRF vulnerability in Stirling-PDF arises from a flaw in the sanitization process used when converting Markdown files to PDF via the /api/v1/convert/markdown/pdf endpoint. An attacker can craft malicious Markdown input that bypasses the sanitizer, causing Stirling-PDF to make requests to arbitrary internal or external URLs. This could lead to exposure of sensitive internal data, access to internal services, or even potential exploitation of other vulnerable systems within the network. The blast radius extends to any internal resources accessible from the Stirling-PDF server.
CVE-2025-55161 was publicly disclosed on 2025-08-11. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability's CVSS score of 8.6 (HIGH) indicates a significant risk. It is not currently listed on the CISA KEV catalog. Exploitation probability is considered medium due to the relatively straightforward nature of SSRF vulnerabilities and the lack of a public PoC.
Organizations deploying Stirling-PDF for internal document processing, particularly those with sensitive internal resources accessible from the server, are at risk. Shared hosting environments where Stirling-PDF is installed alongside other applications should also be considered vulnerable, as a compromised application could potentially exploit this SSRF vulnerability.
• generic web: Use curl to test the /api/v1/convert/markdown/pdf endpoint with a URL pointing to an internal resource (e.g., http://localhost:8080). A successful response indicates potential SSRF.
curl -X POST -d '{"markdown": ""}' http://<stirling-pdf-server>/api/v1/convert/markdown/pdfdisclosure
Exploit-Status
EPSS
4.79% (89% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-55161 is to upgrade Stirling-PDF to version 1.1.0 or later, which includes the necessary fix for the sanitization bypass. If upgrading immediately is not feasible, consider implementing a Web Application Firewall (WAF) rule to block requests to the /api/v1/convert/markdown/pdf endpoint or restrict the allowed URLs. Additionally, carefully review and restrict network access from the Stirling-PDF server to minimize the potential impact of a successful SSRF attack. After upgrading, confirm the fix by attempting to convert a Markdown file containing a URL to an internal resource; the conversion should fail with an appropriate error message.
Aktualisieren Sie Stirling-PDF auf Version 1.1.0 oder höher. Diese Version enthält eine Korrektur für die SSRF-Schwachstelle im Endpunkt /api/v1/convert/markdown/pdf. Das Update wird das Risiko mindern, dass externe Angreifer über die Anwendung auf interne Ressourcen zugreifen können.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-55161 is a HIGH severity SSRF vulnerability in Stirling-PDF versions 1.1.0 and earlier, allowing attackers to bypass sanitization and potentially access internal resources.
Yes, if you are using Stirling-PDF version 1.1.0 or earlier, you are affected by this SSRF vulnerability.
Upgrade Stirling-PDF to version 1.1.0 or later to remediate the vulnerability. Consider WAF rules as a temporary workaround if immediate upgrade is not possible.
There is currently no confirmed active exploitation of CVE-2025-55161, but the vulnerability's severity and ease of exploitation warrant caution.
Refer to the Stirling-PDF project's official website or repository for the latest security advisories and release notes related to CVE-2025-55161.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.