CVE-2025-46568

HIGH

Stirling-PDF < 0.45.0 - Server-Side Request Forgery via WeasyPrint HTML Tag Processing

Title source: llm

Description

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside, allow the attachment of content from any webpage or local file to a PDF. This allows the attacker to read any file on the server, including sensitive files and configuration files. All users utilizing this feature will be affected. This issue has been patched in version 0.45.0.

References (2)

Core 2

Core References

Exploit x_refsource_confirm

https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r

Patch x_refsource_misc

https://github.com/Stirling-Tools/Stirling-PDF/commit/e15128633718cb5f9262986b3770ca592af60cda

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0042

EPSS Percentile 33.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

stirlingpdf/stirling_pdf < 0.45.0

Published May 01, 2025

Tracked Since Feb 18, 2026