CVE-2025-46568

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside, allow the attachment of content from any webpage or local file to a PDF. This allows the attacker to read any file on the server, including sensitive files and configuration files. All users utilizing this feature will be affected. This issue has been patched in version 0.45.0.

CVSS

No CVSS.

References

Link	Resource
https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r
https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r

Configurations

No configuration.

History

02 May 2025, 14:15

Type	Values Removed	Values Added
References	~~() https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r -~~	() https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r -

02 May 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) Stirling-PDF es una aplicación web alojada localmente que permite realizar diversas operaciones con archivos PDF. Antes de la versión 0.45.0, Stirling-PDF era vulnerable a la lectura arbitraria de archivos inducida por SSRF. WeasyPrint redefine un conjunto de etiquetas HTML, como img, embed, object y otras. Las referencias a varios archivos que contiene permiten adjuntar contenido de cualquier página web o archivo local a un PDF. Esto permite al atacante leer cualquier archivo del servidor, incluyendo archivos confidenciales y de configuración. Todos los usuarios que utilicen esta función se verán afectados. Este problema se ha corregido en la versión 0.45.0.

01 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 18:15

Updated : 2025-05-02 14:15

NVD link : CVE-2025-46568

Mitre link : CVE-2025-46568

CVE.ORG link : CVE-2025-46568

JSON object : View

Products Affected

No product.

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2025-46568", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-01T18:15:58.263", "references": [{"url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r", "source": "security-advisories@github.com"}, {"url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside, allow the attachment of content from any webpage or local file to a PDF. This allows the attacker to read any file on the server, including sensitive files and configuration files. All users utilizing this feature will be affected. This issue has been patched in version 0.45.0."}, {"lang": "es", "value": "Stirling-PDF es una aplicaci\u00f3n web alojada localmente que permite realizar diversas operaciones con archivos PDF. Antes de la versi\u00f3n 0.45.0, Stirling-PDF era vulnerable a la lectura arbitraria de archivos inducida por SSRF. WeasyPrint redefine un conjunto de etiquetas HTML, como img, embed, object y otras. Las referencias a varios archivos que contiene permiten adjuntar contenido de cualquier p\u00e1gina web o archivo local a un PDF. Esto permite al atacante leer cualquier archivo del servidor, incluyendo archivos confidenciales y de configuraci\u00f3n. Todos los usuarios que utilicen esta funci\u00f3n se ver\u00e1n afectados. Este problema se ha corregido en la versi\u00f3n 0.45.0."}], "lastModified": "2025-05-02T14:15:19.860", "sourceIdentifier": "security-advisories@github.com"}