Vulnerability Description
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. File references inside those tags allow content from any web page or local file to be attached to the generated PDF. This allows an attacker to read any file on the server, including sensitive files and configuration files. All users utilizing this feature are affected. This issue has been patched in version 0.45.0.
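The control point the description alludes to is the URL fetcher WeasyPrint uses for every external reference (img, embed, object, link, CSS url()); the following is an added example of a restrictive fetcher, not Stirling-PDF's own fix. The allow-listed host and the `default_url_fetcher(url, timeout, ssl_context)` signature are assumptions (the latter matches recent WeasyPrint releases).

```python
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Assumed deployment policy (placeholder values): only inline data: URIs and
# HTTPS fetches from an explicit allow-list of hosts are permitted.
ALLOWED_SCHEMES = {"data", "https"}
ALLOWED_HOSTS = {"cdn.example.com"}


def check_url(url: str) -> Optional[str]:
    """Return None if WeasyPrint may fetch `url`, otherwise the refusal reason.

    WeasyPrint hands the fetcher an absolute URL for every external resource
    it meets, including CSS url() and @import, so filtering here also covers
    references that a tag-level pre-scan of the HTML would miss.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        # Rejects file://, http://, ftp:// and scheme-less strings alike.
        return f"scheme {scheme or '<none>'!r} is not allowed"
    if scheme == "data":
        return None  # content is inline; nothing is read from disk or network
    host = (parts.hostname or "").lower()
    try:
        # Loopback, link-local and RFC 1918 literals are refused even if
        # someone later adds an IP to the allow-list.
        if not ipaddress.ip_address(host).is_global:
            return f"address {host!r} is not globally routable"
    except ValueError:
        pass  # a hostname, not an IP literal
    if host not in ALLOWED_HOSTS:
        return f"host {host!r} is not on the allow-list"
    return None


def safe_url_fetcher(url, timeout=10, ssl_context=None):
    """Drop-in replacement for weasyprint.default_url_fetcher.

    Raising makes WeasyPrint log a warning and omit the resource from the PDF
    instead of embedding the fetched bytes. Wire it in with
    HTML(string=untrusted_html, url_fetcher=safe_url_fetcher).write_pdf(...).
    """
    reason = check_url(url)
    if reason is not None:
        raise ValueError(f"refusing to fetch {url!r}: {reason}")
    from weasyprint import default_url_fetcher  # deferred: module loads without WeasyPrint
    return default_url_fetcher(url, timeout=timeout, ssl_context=ssl_context)
```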
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stirlingpdf | Stirling Pdf | < 0.45.0 |
Related Weaknesses (CWE)
References
- https://github.com/Stirling-Tools/Stirling-PDF/commit/e15128633718cb5f9262986b37
- https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hExploit
FAQ
What is CVE-2025-46568?
CVE-2025-46568 is a vulnerability with a CVSS score of 7.5 (HIGH). Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. We...
How severe is CVE-2025-46568?
CVE-2025-46568 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-46568?
Check the references section above for vendor advisories and patch information. Affected products include: Stirlingpdf Stirling Pdf.