Platform: other
Component: stirling-pdf
Fixed in: 2.5.3
CVE-2026-27625 is a Path Traversal vulnerability discovered in Stirling-PDF, a locally hosted web application for PDF manipulation. This flaw allows authenticated users to write files outside the intended temporary directory, potentially leading to data compromise and system instability. The vulnerability affects versions of Stirling-PDF prior to 2.5.2, and a patch is available in version 2.5.2.
The core of this vulnerability lies in the /api/v1/convert/markdown/pdf endpoint, which fails to properly validate user-supplied ZIP entries. An attacker can craft a malicious ZIP archive containing path traversal sequences (e.g., ../../../../etc/passwd) to write files to arbitrary locations on the server's filesystem. The impact is directly tied to the paths writable by the stirlingpdfuser process. Successful exploitation could lead to overwriting critical configuration files, injecting malicious code, or exfiltrating sensitive data. The potential for data integrity compromise is significant and, depending on which paths are writable, could escalate to full system compromise.
This vulnerability was publicly disclosed on 2026-03-20. No public proof-of-concept (PoC) code has been released at the time of writing, but the ease of exploitation makes it a potential target for opportunistic attackers. It is not currently listed on the CISA KEV catalog. The vulnerability's reliance on authentication limits its immediate exploitability, but the potential impact warrants prompt remediation.
Exploit Status
EPSS: 0.06% (18th percentile)
The primary mitigation for CVE-2026-27625 is to immediately upgrade Stirling-PDF to version 2.5.2 or later. If upgrading is not immediately feasible, consider implementing strict access controls to limit the stirlingpdfuser's permissions and restrict writable paths. Web Application Firewalls (WAFs) can be configured to block requests containing suspicious path traversal patterns in the ZIP file uploads. Monitor file system activity for unexpected file modifications within the Stirling-PDF working directory. After upgrading, confirm the fix by attempting to upload a ZIP file containing a path traversal sequence and verifying that the file write is denied.
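The entry-path validation that closes the flaw described above, and the check the post-upgrade verification step relies on, as an added example (Python, not Stirling-PDF's own Java code): every ZIP entry is resolved against the working directory and the whole archive is rejected if any entry lands outside it. The `build_zip` helper, the `/tmp/stirling-work` directory and the sample archives are constructed for the demonstration.

```python
import io
import zipfile
from pathlib import Path

def traversal_entries(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Return ZIP entry names that resolve outside dest_dir ('..', absolute names, backslashes)."""
    root = Path(dest_dir).resolve()
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")  # normalise Windows-style separators
            target = (root / name).resolve()       # an absolute name replaces root entirely
            if target != root and root not in target.parents:
                bad.append(info.filename)
    return bad

def safe_extract(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract the archive only if every entry stays inside dest_dir; return written paths."""
    bad = traversal_entries(zip_bytes, dest_dir)
    if bad:
        # Reject the whole upload up front; never extract the benign entries first.
        raise ValueError(f"ZIP entries escape {dest_dir}: {bad}")
    root = Path(dest_dir).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = root / info.filename.replace("\\", "/")
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(str(target.relative_to(root)))
    return written

def build_zip(entries: dict[str, bytes]) -> bytes:
    """Constructed sample archive standing in for the uploaded ZIP (writestr keeps names as given)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed inputs: a clean Markdown bundle, and one carrying the traversal sequence the advisory quotes.
BENIGN_ZIP = build_zip({"doc.md": b"# hello", "img/a.png": b"\x89PNG"})
TRAVERSAL_ZIP = build_zip({"doc.md": b"# hello", "../../../../etc/passwd": b"x"})
```

Running `safe_extract(TRAVERSAL_ZIP, "/tmp/stirling-work")` raises before anything is written, which is the behaviour to expect from a patched instance when the verification upload from the mitigation paragraph is attempted.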
Update Stirling-PDF to version 2.5.2 or later. This version fixes the arbitrary file write vulnerability by properly validating the paths of files extracted from ZIP archives.
CVE-2026-27625 is a Path Traversal vulnerability affecting Stirling-PDF versions prior to 2.5.2. It allows authenticated users to write files outside the intended directory, potentially compromising data integrity.
You are affected if you are using Stirling-PDF version 2.5.2 or earlier. Immediately upgrade to 2.5.2 to mitigate the risk.
The recommended fix is to upgrade Stirling-PDF to version 2.5.2 or later. As a temporary workaround, restrict file permissions and implement WAF rules to block malicious requests.
While no public exploits are currently known, the vulnerability's ease of exploitation makes it a potential target. Proactive patching is highly recommended.
Refer to the Stirling-PDF project's official website or security mailing list for the latest advisory and release notes regarding CVE-2026-27625.