CVE-2025-55150
Published: 11 August 2025
Summary
CVE-2025-55150 is a high-severity SSRF (CWE-918) vulnerability in Stirlingpdf Stirling Pdf. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires robust validation of HTML inputs to the /api/v1/convert/html/pdf endpoint to prevent sanitizer bypasses and SSRF payloads.
Enforces information flow control policies to restrict the backend third-party tool from initiating unauthorized requests to internal or external resources.
Implements boundary protections like web application firewalls or outbound network filters to block SSRF exploitation from the vulnerable Stirling-PDF instance.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF vulnerability in public-facing /api/v1/convert/html/pdf endpoint enables exploitation of public-facing applications (T1190) and facilitates internal network service discovery (T1046) by bypassing HTML sanitizer to make unauthorized requests to arbitrary internal resources.
NVD Description
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a…
more
sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.
Deeper analysisAI
CVE-2025-55150 is a server-side request forgery (SSRF) vulnerability, classified under CWE-918, affecting Stirling-PDF, a locally hosted web application for performing various operations on PDF files. The issue exists in versions prior to 1.1.0, specifically within the /api/v1/convert/html/pdf endpoint used for converting HTML to PDF. During processing, the backend invokes a third-party tool and applies a security sanitizer, which can be bypassed, enabling SSRF. The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L), indicating high severity due to network accessibility, low attack complexity, and no authentication requirements.
Unauthenticated attackers with network access to a vulnerable Stirling-PDF instance can exploit this by sending crafted requests to the affected endpoint. Successful exploitation allows the attacker to trick the backend into making unauthorized requests to internal or external resources controlled by the attacker. This can result in high confidentiality impacts, such as disclosure of internal network details, along with low integrity and availability effects, while maintaining an unchanged impact scope.
The vulnerability has been addressed in Stirling-PDF version 1.1.0. Security practitioners should upgrade to this patched version immediately. Additional details are available in the GitHub security advisory (GHSA-xw8v-9mfm-g2pm) and the patching commit (7d6b70871bad2a3ff810825f7382c49f55293943).
Details
- CWE(s)