Plataforma
other
Componente
stirling-pdf
Corregido en
1.1.1
CVE-2025-55150 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Stirling-PDF, a locally hosted web application for PDF manipulation. This vulnerability allows attackers to bypass security sanitization within the HTML to PDF conversion process, potentially enabling unauthorized access to internal resources. The vulnerability affects versions of Stirling-PDF prior to 1.1.0 and has been resolved in version 1.1.0.
The SSRF vulnerability in Stirling-PDF arises from a flaw in the sanitization process used when converting HTML to PDF via the /api/v1/convert/html/pdf endpoint. An attacker can craft malicious HTML input that bypasses the intended security measures, causing Stirling-PDF to make requests to arbitrary internal or external URLs. This could allow an attacker to scan internal networks for open ports, access sensitive data stored on internal servers, or even potentially execute code on vulnerable systems if they can leverage the SSRF to interact with other vulnerable services. The blast radius extends to any internal resources accessible via HTTP/HTTPS from the Stirling-PDF server.
CVE-2025-55150 was publicly disclosed on 2025-08-11. There is no indication of active exploitation or inclusion in the CISA KEV catalog at this time. No public proof-of-concept exploits have been published, but the SSRF nature of the vulnerability makes it likely that such exploits will emerge. The vulnerability's reliance on HTML processing suggests a potential attack surface similar to other SSRF vulnerabilities involving HTML parsing libraries.
Organizations utilizing Stirling-PDF for internal PDF generation and processing are at risk, particularly those with sensitive internal resources accessible via HTTP/HTTPS. Environments where Stirling-PDF is exposed to untrusted networks or user-supplied HTML content are at higher risk.
disclosure
Estado del Exploit
EPSS
0.06% (20% percentil)
CISA SSVC
Vector CVSS
The primary mitigation for CVE-2025-55150 is to upgrade Stirling-PDF to version 1.1.0 or later, which includes the necessary security fixes. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) to filter requests to the /api/v1/convert/html/pdf endpoint, blocking those containing suspicious URLs or patterns. Additionally, restrict network access to the Stirling-PDF server to only necessary internal resources. Monitor access logs for unusual outbound requests originating from the Stirling-PDF server. After upgrading, confirm the fix by attempting to convert a known malicious HTML payload and verifying that the request is properly sanitized and does not result in an SSRF.
Actualice Stirling-PDF a la versión 1.1.0 o superior. Esta versión contiene una corrección para la vulnerabilidad SSRF en el endpoint /api/v1/convert/html/pdf. La actualización mitigará el riesgo de que atacantes externos puedan realizar solicitudes no autorizadas a través de su servidor.
Análisis de vulnerabilidades y alertas críticas directamente en tu correo.
CVE-2025-55150 is a Server-Side Request Forgery vulnerability in Stirling-PDF versions prior to 1.1.0, allowing attackers to bypass sanitization and potentially access internal resources.
You are affected if you are using Stirling-PDF version 1.1.0 or earlier. Check your installed version and upgrade immediately if vulnerable.
Upgrade Stirling-PDF to version 1.1.0 or later to resolve the vulnerability. Consider WAF rules as a temporary mitigation if upgrading is not immediately possible.
There is currently no evidence of active exploitation, but the SSRF nature of the vulnerability makes exploitation likely.
Refer to the official Stirling-PDF project website or repository for the latest security advisories and updates.
Sube tu archivo de dependencias y detecta esta y otras CVEs al instante.