Platform: other
Component: stirling-pdf
Fixed in: 1.1.1
CVE-2025-55151 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Stirling-PDF, a locally hosted web application for PDF manipulation. This flaw allows attackers to potentially access internal resources during the file conversion process. The vulnerability impacts versions of Stirling-PDF prior to 1.1.0, and a patch has been released in version 1.1.0.
The SSRF vulnerability in Stirling-PDF arises from the use of LibreOffice's unoconvert tool during the "convert file to pdf" functionality. An attacker can craft malicious input that causes unoconvert to make requests to unintended internal or external URLs. This could lead to unauthorized access to sensitive data residing on internal servers, exfiltration of confidential information, or even potential denial-of-service if the attacker can trigger resource-intensive requests. The blast radius extends to any internal services accessible from the Stirling-PDF server, making this a significant risk for environments with complex internal architectures.
CVE-2025-55151 was publicly disclosed on 2025-08-11. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. The SSRF nature of the vulnerability suggests a moderate risk of exploitation, particularly in environments with exposed internal services.
Exploit Status
EPSS: 0.06% (20% percentile)
The primary mitigation for CVE-2025-55151 is to upgrade Stirling-PDF to version 1.1.0 or later, which contains the fix. If immediate upgrading is not possible, consider implementing a Web Application Firewall (WAF) or proxy to filter outbound requests from the Stirling-PDF server, specifically blocking requests to internal IP ranges or known sensitive endpoints. Restrict network access to the Stirling-PDF server to only necessary services. Review and harden the configuration of unoconvert itself, if possible, to limit its ability to make external requests. After upgrade, confirm the fix by attempting a conversion with a URL pointing to an internal resource; the conversion should fail with an appropriate error message.
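The interim egress filtering described above can be sketched as the allow/deny decision a forward proxy in front of the conversion host would make. This is an added example, not code from Stirling-PDF or its 1.1.0 fix; the function names, the injected `resolve` callback and the sample DNS table are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Destination ranges the proxy refuses: loopback, RFC 1918, CGNAT,
# link-local (includes cloud metadata at 169.254.169.254), IPv6 equivalents.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10",
)]

def is_blocked_ip(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it cannot slip past the v4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS if net.version == ip.version)

def egress_decision(url, resolve):
    """Return (verdict, reason). `resolve` maps a hostname to a list of IP strings."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return ("deny", "scheme")
    host = parts.hostname
    if not host:
        return ("deny", "no-host")
    try:
        addrs = [str(ipaddress.ip_address(host))]   # IP literal in the URL
    except ValueError:
        addrs = resolve(host)                       # hostname: check every record
    if not addrs:
        return ("deny", "unresolvable")
    for a in addrs:
        if is_blocked_ip(a):
            return ("deny", "internal:" + a)
    return ("allow", "public")

# Constructed DNS answers so the example runs offline (not real records).
SAMPLE_DNS = {
    "docs.example.test": ["203.0.113.10"],
    "intranet.example.test": ["10.20.0.7"],
    "mixed.example.test": ["203.0.113.10", "127.0.0.1"],
}

def sample_resolve(host):
    return SAMPLE_DNS.get(host, [])
```

A hostname is denied if any of its records is internal, and the proxy should then connect to the address it validated rather than resolving the name a second time.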
Update Stirling-PDF to version 1.1.0 or higher. This version fixes the SSRF vulnerability in the PDF file conversion functionality. The update can be performed by downloading the new version from the official website or using the built-in update mechanism in the application.
CVE-2025-55151 is a Server-Side Request Forgery (SSRF) vulnerability in Stirling-PDF versions before 1.1.0, allowing attackers to potentially access internal resources during PDF conversion.
You are affected if you are using Stirling-PDF version 1.1.0 or earlier. Upgrade to version 1.1.0 to mitigate the vulnerability.
Upgrade Stirling-PDF to version 1.1.0. As a temporary workaround, implement a WAF or proxy to filter outbound requests.
There is no confirmed active exploitation of CVE-2025-55151 at this time, but the SSRF nature of the vulnerability suggests a potential risk.
Refer to the Stirling-PDF project's official website or repository for the latest security advisories and updates.