Cyber Resilience

CVE-2025-55150

High

Published: 11 August 2025

Published
11 August 2025
Modified
15 August 2025
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
EPSS Score 0.1264 94.1th percentile
Risk Priority 25 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-55150 is a high-severity SSRF (CWE-918) vulnerability in Stirlingpdf Stirling Pdf. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

Stirling-PDF is a locally hosted web application for performing operations on PDF files. Prior to version 1.1.0 the /api/v1/convert/html/pdf endpoint invokes a third-party tool to convert supplied HTML and applies a sanitizer that can be bypassed, resulting in a server-side request forgery flaw tracked as CWE-918.

An unauthenticated attacker can reach the endpoint over the network and supply crafted input that bypasses the sanitizer, enabling SSRF with high confidentiality impact and limited integrity and availability effects as reflected in the CVSS 8.6 score.

The vulnerability is resolved in release 1.1.0; the project advisory GHSA-xw8v-9mfm-g2pm and the associated commit 7d6b70871bad2a3ff810825f7382c49f55293943 document the patch. The EPSS score has remained flat at 0.1264 with no material rise after disclosure.

EU & UK References

Vulnerability details

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a…

more

sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery Discovery
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
Why these techniques?

SSRF vulnerability in public-facing /api/v1/convert/html/pdf endpoint enables exploitation of public-facing applications (T1190) and facilitates internal network service discovery (T1046) by bypassing HTML sanitizer to make unauthorized requests to arbitrary internal resources.

CVEs Like This One

CVE-2025-55161Same product: Stirlingpdf Stirling Pdf
CVE-2024-13924Shared CWE-918
CVE-2026-42860Shared CWE-918
CVE-2025-25785Shared CWE-918
CVE-2024-53705Shared CWE-918
CVE-2026-5418Shared CWE-918
CVE-2026-45082Shared CWE-918
CVE-2026-7065Shared CWE-918
CVE-2025-28091Shared CWE-918
CVE-2025-1849Shared CWE-918

Affected Assets

stirlingpdf
stirling pdf
≤ 1.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires robust validation of HTML inputs to the /api/v1/convert/html/pdf endpoint to prevent sanitizer bypasses and SSRF payloads.

prevent

Enforces information flow control policies to restrict the backend third-party tool from initiating unauthorized requests to internal or external resources.

prevent

Implements boundary protections like web application firewalls or outbound network filters to block SSRF exploitation from the vulnerable Stirling-PDF instance.

References