Cyber Posture

CVE-2025-55853

Severity: Critical · Public PoC available

Published: 19 February 2026
Modified: 25 March 2026
KEV Added: not listed
Patch: available (webPDF 10.0.2)
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0002 (5.8th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-55853 is a critical-severity SSRF (CWE-918) vulnerability in SoftVision webPDF. Its CVSS v3.1 base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 5.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

SI-10 Information Input Validation · prevent

Directly requires validation of information inputs in uploaded XML and HTML files to block disallowed protocols such as http:// and file:/// that enable SSRF and LFI in the PDF converter.

SI-2 Flaw Remediation · prevent, recover

Mandates timely identification, reporting, and correction of the specific SSRF flaw in SoftVision webPDF by applying vendor patches, i.e. upgrading to version 10.0.2.

prevent, detect

Monitors and controls communications at internal system boundaries to block or detect unauthorized port scanning and resource access attempts initiated by the vulnerable PDF converter.

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1046 Network Service Discovery (Discovery)
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.
T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

SSRF in a public-facing web application directly enables remote exploitation (T1190); the converter's outbound requests facilitate internal network and port scanning (T1046), and the file:/// handler allows local file reads via LFI (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTML file in the application, which when rendered to a PDF allows for internal port scanning and Local File Inclusion (LFI).

Deeper analysis [AI]

CVE-2025-55853 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, affecting SoftVision webPDF versions prior to 10.0.2. The issue resides in the PDF converter function, which does not validate whether uploaded files request internal or external resources, allowing protocols such as http:// and file:/// to be processed without restriction.

Unauthenticated remote attackers (AV:N/AC:L/PR:N/UI:N) can exploit this vulnerability by uploading a malicious XML or HTML file to the application. When the file is rendered into a PDF, the converter processes the embedded requests, enabling internal port scanning through SSRF and Local File Inclusion (LFI). The CVSS v3.1 base score of 9.1 (C:H/I:H/A:N/S:U) reflects high impacts on confidentiality and integrity.
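The input-validation control (SI-10) and the exploitation path just described come down to one question: which references inside an uploaded XML or HTML file may the converter follow? The following Python is an added example written for this page, not code from SoftVision webPDF, and it does not claim to be how 10.0.2 fixes the bug. It pre-screens the raw upload before rendering, rejecting file: and every other non-HTTP scheme, loopback, private, link-local and other non-public targets (including IPv4-mapped IPv6 literals and user@host tricks), relative references, and any host not on an explicit allowlist. The allowlisted host cdn.example.com and the malicious sample document are constructed for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the converter may fetch from (exact match).
# Never put internal names here.
ALLOWED_HOSTS = {"cdn.example.com"}
ALLOWED_SCHEMES = {"http", "https"}

# Where HTML/XML documents reference external resources. These regexes are a
# fail-closed pre-screen over the raw upload, run before any parser touches
# the file; they are meant to over-match rather than under-match.
_ATTR_REF = re.compile(r"""\b(?:src|href|data|xlink:href)\s*=\s*["']([^"']+)["']""", re.I)
_DTD_REF = re.compile(r"""\b(?:SYSTEM|PUBLIC)\s+(?:"[^"]*"\s+)?["']([^"']+)["']""", re.I)
_CSS_REF = re.compile(r"""url\(\s*["']?([^"')]+)["']?\s*\)""", re.I)

# Constructed upload exercising each trick the policy must catch.
MALICIOUS_HTML = """<!DOCTYPE html [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<html><body>
<img src="http://127.0.0.1:8080/">
<iframe src="HTTP://169.254.169.254/latest/meta-data/"></iframe>
<link rel="stylesheet" href="http://[::ffff:10.0.0.5]/x.css">
<object data="FILE:///C:/Windows/win.ini"></object>
<img src="http://cdn.example.com@127.0.0.1/">
<img src="https://cdn.example.com/logo.png">
<img src="data:image/png;base64,iVBORw0KGgo=">
<div style="background:url(http://2130706433/)"></div>
</body></html>
"""


def extract_references(document: str) -> list[str]:
    """Return every candidate URL/URI the converter might try to fetch."""
    refs = []
    for pattern in (_ATTR_REF, _DTD_REF, _CSS_REF):
        refs.extend(m.group(1).strip() for m in pattern.finditer(document))
    return refs


def classify(ref: str) -> tuple[str, str]:
    """Return ("allow" | "block", reason) for one reference."""
    try:
        parts = urlsplit(ref.strip())
    except ValueError as exc:                # e.g. malformed bracketed IPv6 host
        return "block", f"unparseable reference: {exc}"
    scheme = parts.scheme.lower()
    if scheme == "data":
        return "allow", "inline data: URI, nothing is fetched"
    if scheme == "":
        # Relative references get resolved by the renderer against a server-side
        # base (often the input file's directory), so they are not harmless.
        return "block", "relative reference"
    if scheme not in ALLOWED_SCHEMES:        # file:, ftp:, gopher:, jar:, ...
        return "block", f"disallowed scheme {scheme!r}"
    host = parts.hostname                    # lower-cased, [] stripped, userinfo removed
    if not host:
        return "block", "missing host"
    if host in ALLOWED_HOSTS:
        return "allow", f"allowlisted host {host}"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name not on the allowlist. Resolving it here would not help: the
        # answer can change between this check and the fetch (DNS rebinding).
        # Odd numeric spellings (2130706433, 0x7f000001) also land here.
        return "block", f"host {host!r} not on allowlist"
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped              # ::ffff:10.0.0.5 is really 10.0.0.5
    if not addr.is_global:
        return "block", f"non-public address {addr} (loopback/private/link-local/reserved)"
    return "block", f"literal address {addr} not on allowlist"


def blocked_references(document: str) -> list[tuple[str, str]]:
    """(reference, reason) for every reference the policy rejects."""
    return [(ref, why) for ref in extract_references(document)
            for verdict, why in [classify(ref)] if verdict == "block"]


def is_safe(document: str) -> bool:
    return not blocked_references(document)


if __name__ == "__main__":
    for ref, why in blocked_references(MALICIOUS_HTML):
        print(f"BLOCK {ref}: {why}")
```

On the sample upload seven of the nine references are rejected; only the allowlisted CDN image and the inline data: URI pass. Two caveats a practitioner should keep in mind: the regexes are a pre-screen, not a parser, so a real deployment should also run the XML side with external entities disabled; and the same policy must be enforced again inside the converter's HTTP fetcher at request time, because redirects and DNS rebinding are invisible to any check done before rendering.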

The vulnerability is mitigated by upgrading to SoftVision webPDF version 10.0.2 or later. Additional details on patches and advisories are available from the vendor site at https://www.webpdf.de/ and the GitHub proof-of-concept repository at https://github.com/Vivz13/CVE-2025-55853/tree/main.

Details

CWE(s)

CWE-918 Server-Side Request Forgery (SSRF)

Affected Products

softvision webpdf, versions before 10.0.2 (10.0.2 is the fixed release)

CVEs Like This One

CVE-2024-12450 (shared CWE-918)
CVE-2025-55161 (shared CWE-918)
CVE-2024-57767 (shared CWE-918)
CVE-2026-24736 (shared CWE-918)
CVE-2026-0686 (shared CWE-918)
CVE-2025-1849 (shared CWE-918)
CVE-2025-1848 (shared CWE-918)
CVE-2026-4528 (shared CWE-918)
CVE-2025-27777 (shared CWE-918)
CVE-2026-40242 (shared CWE-918)
