CVE-2025-51591

LOW EXPLOITED

JGM Pandoc v3.6.4 - SSRF

Title source: llm

Description

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-server’ can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf.

Exploits (2)

github SCANNER 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-51591

View Code ZIP pw:eip

nomisec WORKING POC

by Malayke · infoleak

https://github.com/Malayke/CVE-2025-51591-Pandoc-SSRF-POC

View Code ZIP pw:eip

References (13)

[Various Sources] http://pandoc.com

[Various Sources] https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2025-51591

[Various Sources] https://github.com/jgm/pandoc/discussions/11200

[Various Sources] https://www.wiz.io/blog/imds-anomaly-hunting-zero-day

[Various Sources] https://pandoc.org

[Various Sources] http://jgm.com

[Patch] https://github.com/jgm/pandoc/commit/67edf7ce7cd3563a180ae44bd122b012e22364f8

[Various Sources] http://jgm.com/

[Various Sources] http://pandoc.com/

[Issue Tracking] https://github.com/jgm/pandoc/issues/10682

[Issue Tracking] https://github.com/jgm/pandoc/issues/11261

[Issue Tracking] https://github.com/jgm/pandoc/issues/8874

[Issue Tracking] https://github.com/jgm/pandoc/pull/11262

Scores

CVSS v3 3.7

EPSS 0.0010

EPSS Percentile 27.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2025-09-22

CWE

CWE-918

Status published

Published Jul 11, 2025

Tracked Since Feb 18, 2026