CVE-2025-55161
Published: 11 August 2025
Summary
CVE-2025-55161 is a high-severity SSRF (CWE-918) vulnerability in Stirlingpdf Stirling Pdf. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-7 (Boundary Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the SSRF vulnerability by requiring validation of Markdown inputs to prevent sanitizer bypasses that enable unauthorized backend requests.
Boundary protection restricts outbound network communications from the Stirling-PDF server, blocking forged requests to internal or external resources.
Enforces information flow control policies to limit server-initiated requests during Markdown-to-PDF processing to only approved destinations.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF in public-facing web API (/api/v1/convert/markdown/pdf) enables exploitation (T1190), local data access via localhost requests (T1005), and internal network service/port discovery (T1046) by fetching arbitrary URLs during Markdown-to-PDF conversion.
NVD Description
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a…
more
sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.
Deeper analysisAI
CVE-2025-55161 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting Stirling-PDF, a locally hosted web application for performing various operations on PDF files. The issue impacts versions prior to 1.1.0 and arises in the /api/v1/convert/markdown/pdf endpoint. During Markdown-to-PDF conversion, the backend invokes a third-party tool and applies a sanitizer for security, but this sanitizer can be bypassed, enabling SSRF. The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L).
Remote attackers with network access to the Stirling-PDF instance can exploit this vulnerability without authentication, privileges, or user interaction due to its low attack complexity. By submitting specially crafted Markdown input to the vulnerable endpoint, an attacker can manipulate the backend's third-party tool call to make unauthorized requests, such as to internal or external resources. Successful exploitation can result in high confidentiality impact through data exfiltration, along with low integrity and availability impacts.
The vulnerability has been addressed in Stirling-PDF version 1.1.0. Mitigation involves upgrading to this patched version, as detailed in the project's GitHub security advisory (GHSA-ff33-grr6-rmvp) and the corresponding fix commit (7d6b70871bad2a3ff810825f7382c49f55293943).
Details
- CWE(s)