CVE-2025-46568

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside, allow the attachment of content from any webpage or local file to a PDF. This allows the attacker to read any file on the server, including sensitive files and configuration files. All users utilizing this feature will be affected. This issue has been patched in version 0.45.0.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r	Exploit
https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:stirlingpdf:stirling_pdf:*:*:*:*:*:*:*:*

History

17 Jun 2025, 14:19

Type	Values Removed	Values Added
First Time		Stirlingpdf Stirlingpdf stirling Pdf
CPE		cpe:2.3:a:stirlingpdf:stirling_pdf::::::::
References	~~() https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r -~~	() https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r - Exploit
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

02 May 2025, 14:15

Type	Values Removed	Values Added
References	~~() https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r -~~	() https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r -

02 May 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) Stirling-PDF es una aplicación web alojada localmente que permite realizar diversas operaciones con archivos PDF. Antes de la versión 0.45.0, Stirling-PDF era vulnerable a la lectura arbitraria de archivos inducida por SSRF. WeasyPrint redefine un conjunto de etiquetas HTML, como img, embed, object y otras. Las referencias a varios archivos que contiene permiten adjuntar contenido de cualquier página web o archivo local a un PDF. Esto permite al atacante leer cualquier archivo del servidor, incluyendo archivos confidenciales y de configuración. Todos los usuarios que utilicen esta función se verán afectados. Este problema se ha corregido en la versión 0.45.0.

01 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 18:15

Updated : 2025-06-17 14:19

NVD link : CVE-2025-46568

Mitre link : CVE-2025-46568

CVE.ORG link : CVE-2025-46568

JSON object : View

Products Affected

stirlingpdf

stirling_pdf

CWE

CWE-918

Server-Side Request Forgery (SSRF)

7.5 /10