Platform: other
Component: stirling-pdf
Fixed in: 1.1.1
CVE-2025-55161 describes a Server-Side Request Forgery (SSRF) vulnerability affecting Stirling-PDF versions up to 1.1.0. This flaw allows attackers to bypass the intended security sanitization within the Markdown to PDF conversion process, potentially enabling unauthorized access to internal resources. The vulnerability has been addressed in version 1.1.0, and users are strongly advised to upgrade.
The SSRF vulnerability in Stirling-PDF arises from a flaw in the sanitization process used when converting Markdown files to PDF via the /api/v1/convert/markdown/pdf endpoint. An attacker can craft malicious Markdown input that bypasses the sanitizer, causing Stirling-PDF to make requests to arbitrary internal or external URLs. This could lead to exposure of sensitive internal data, access to internal services, or even potential exploitation of other vulnerable systems within the network. The blast radius extends to any internal resources accessible from the Stirling-PDF server.
CVE-2025-55161 was publicly disclosed on 2025-08-11. No public proof-of-concept (PoC) code has been released at the time of writing. The vulnerability's CVSS score of 8.6 (HIGH) indicates a significant risk. It is not currently listed on the CISA KEV catalog. Exploitation probability is considered medium due to the relatively straightforward nature of SSRF vulnerabilities and the lack of a public PoC.
Exploit Status
EPSS: 4.79% (89th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-55161 is to upgrade Stirling-PDF to version 1.1.0 or later, which includes the necessary fix for the sanitization bypass. If upgrading immediately is not feasible, consider implementing a Web Application Firewall (WAF) rule to block requests to the /api/v1/convert/markdown/pdf endpoint or restrict the allowed URLs. Additionally, carefully review and restrict network access from the Stirling-PDF server to minimize the potential impact of a successful SSRF attack. After upgrading, confirm the fix by attempting to convert a Markdown file containing a URL to an internal resource; the conversion should fail with an appropriate error message.
Update Stirling-PDF to version 1.1.0 or higher. This version contains a fix for the SSRF vulnerability in the /api/v1/convert/markdown/pdf endpoint. The update will mitigate the risk of external attackers accessing internal resources through the application.
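The workaround above ("restrict the allowed URLs") is the generic SSRF control for any server-side converter: before the Markdown is handed to the renderer, every link, image and raw-HTML src/href it contains is checked against a destination policy, and anything that is not plain http(s) to a globally routable host is rejected. The following is an added example written for this page, not Stirling-PDF's own sanitizer or the patched code; the resolver callback, the table of constructed DNS answers and the sample Markdown are assumptions so that it runs offline.

```python
"""Added example (not Stirling-PDF's own code): a pre-conversion gate that
rejects Markdown whose links or images would make a server-side converter
fetch a loopback, private, link-local or otherwise non-global address.
The resolver callback is an assumption of this example so it runs offline."""
import ipaddress
import re
import socket
from typing import Callable, Dict, Iterable, List, Tuple
from urllib.parse import urlparse

# URL sources a Markdown renderer will typically fetch: inline links/images,
# reference-style definitions, and src/href attributes in raw HTML passthrough.
_INLINE = re.compile(r'!?\[[^\]]*\]\(\s*<?([^\s)>]+)>?')
_REFDEF = re.compile(r'^\s*\[[^\]]+\]:\s*<?(\S+)>?', re.MULTILINE)
_HTMLATTR = re.compile(r'(?:src|href)\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

ALLOWED_SCHEMES = {"http", "https"}
Resolver = Callable[[str], Iterable[str]]  # hostname -> IP address strings


def extract_urls(markdown: str) -> List[str]:
    """Collect every URL the converter might dereference, in document order."""
    urls: List[str] = []
    for pattern in (_INLINE, _REFDEF, _HTMLATTR):
        urls.extend(pattern.findall(markdown))
    return urls


def is_internal_address(ip_text: str) -> bool:
    """True for any address a converter must never fetch from."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return (not ip.is_global) or ip.is_multicast


def dns_resolver(host: str) -> List[str]:
    """Real resolver: every A/AAAA answer must pass, not only the first one."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def make_table_resolver(table: Dict[str, List[str]]) -> Resolver:
    """Offline resolver over a constructed table, used here instead of DNS."""
    def resolve(host: str) -> List[str]:
        if host not in table:
            raise socket.gaierror(f"constructed table has no entry for {host}")
        return table[host]
    return resolve


def check_url(url: str, resolve: Resolver) -> Tuple[bool, str]:
    """Return (allowed, reason). Only http(s) to globally routable hosts passes.
    Relative references are rejected as well, because the converter would
    resolve them against its own filesystem or origin."""
    parsed = urlparse(url.strip())
    scheme = parsed.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {scheme or '(none)'}"
    host = parsed.hostname  # userinfo, port and IPv6 brackets already stripped
    if not host:
        return False, "missing host"
    if host == "localhost" or host.endswith(".localhost"):
        return False, "loopback hostname"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, no lookup needed
    except ValueError:
        try:
            # A real getaddrinfo also maps odd forms such as "2130706433" to
            # 127.0.0.1, which the address check below then catches.
            addrs = list(resolve(host))
        except OSError as exc:
            return False, f"unresolvable host: {host} ({exc})"
    for addr in addrs:
        if is_internal_address(addr):
            return False, f"{host} resolves to internal address {addr}"
    return True, "ok"


def find_violations(markdown: str, resolve: Resolver) -> List[Tuple[str, str]]:
    """Every URL that fails the policy with its reason; empty means safe to convert."""
    violations = []
    for url in extract_urls(markdown):
        ok, reason = check_url(url, resolve)
        if not ok:
            violations.append((url, reason))
    return violations


if __name__ == "__main__":
    # Constructed sample: one legitimate CDN image, two internal references.
    sample = ("![logo](https://cdn.example.org/logo.png)\n"
              "[status](http://localhost/)\n"
              '<img src="http://10.0.0.5/x">\n')
    resolver = make_table_resolver({"cdn.example.org": ["93.184.216.34"]})
    for url, why in find_violations(sample, resolver):
        print(f"REJECT {url}: {why}")
```

Two design points matter for this control. First, the policy is applied to every resolved address, so a hostname with one public and one private answer is refused; even so, a check-then-fetch gate is still open to DNS rebinding and redirects, which is why the fetch itself should connect to the address that passed the check and re-run the check on every redirect. Second, the egress restriction the advisory also recommends (limiting what the Stirling-PDF host can reach on the network) stays in place as the backstop for anything the input gate misses.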
CVE-2025-55161 is a HIGH severity SSRF vulnerability in Stirling-PDF versions 1.1.0 and earlier, allowing attackers to bypass sanitization and potentially access internal resources.
Yes, if you are using Stirling-PDF version 1.1.0 or earlier, you are affected by this SSRF vulnerability.
Upgrade Stirling-PDF to version 1.1.0 or later to remediate the vulnerability. Consider WAF rules as a temporary workaround if immediate upgrade is not possible.
There is currently no confirmed active exploitation of CVE-2025-55161, but the vulnerability's severity and ease of exploitation warrant caution.
Refer to the Stirling-PDF project's official website or repository for the latest security advisories and release notes related to CVE-2025-55161.