CVE-2025-55150
HIGH NUCLEIstirling_pdf < 1.1.0 - Server-Side Request Forgery via HTML to PDF Conversion
Title source: llmExploitation Summary
CVE-2025-55150 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.
Nuclei Templates (1)
Stirling-PDF < 1.1.0 - Server-Side Request Forgery
HIGHVERIFIEDby WeQi
Shodan:
http.title:"Stirling PDF"
FOFA:
title="Stirling PDF"
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xw8v-9mfm-g2pm
Scores
CVSS v3
8.6
EPSS
0.1264
EPSS Percentile
94.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
stirlingpdf/stirling_pdf
< 1.1.0
Published
Aug 11, 2025
Tracked Since
Feb 18, 2026