PT-2025-18685 · Unknown · Stirling-Pdf+1
Frooodle · Published 2025-05-01 · Updated 2026-02-06 · CVE-2025-46568

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 0.45.0

Description: Stirling-PDF is a locally hosted web application that lets users perform various operations on PDF files. The application is vulnerable to an SSRF-induced arbitrary file read because WeasyPrint redefines a set of HTML tags, including img, embed, object and others, so that the resources they reference are fetched by the server during rendering. This allows an attacker to read any file on the server, including sensitive files and configuration files, by attaching content from any web page or local file to a PDF. All users of this feature are affected.

Recommendations: For versions prior to 0.45.0, update to version 0.45.0 to resolve the issue. As a temporary workaround, consider restricting access to the WeasyPrint feature until the update is applied. Additionally, restrict the use of the vulnerable HTML tags, such as img, embed and object, to minimize the risk of exploitation.
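The workaround above (restrict the resource-fetching tags, and keep the renderer from resolving local or internal URLs) can be enforced before user-supplied HTML ever reaches the HTML-to-PDF step. The following is an added example written for this page; it is not Stirling-PDF or WeasyPrint code. It checks only the tags the advisory names plus a few other resource-loading tags (that wider list, the attribute list and the sample HTML are this example's assumptions), and refuses any URL that is not an absolute http(s) URL to a non-internal address, which is the condition under which a server-side renderer would otherwise read a local file:

```python
"""Defensive pre-check for user-supplied HTML before an HTML-to-PDF render.

Added example for this advisory page; not Stirling-PDF's or WeasyPrint's code.
Uses only the standard library so it runs stand-alone.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

# img, embed and object are named by the advisory; the remaining tags are this
# example's assumption of other elements that make a renderer fetch a resource.
BLOCKED_TAGS = {"img", "embed", "object", "iframe", "link", "source", "video", "audio"}

# Attributes that carry a fetchable URL (assumed list).
URL_ATTRS = {"src", "href", "data", "poster"}

ALLOWED_SCHEMES = {"http", "https"}


def is_allowed_resource_url(url: str) -> bool:
    """Accept only absolute http(s) URLs whose host is not a literal loopback,
    private, link-local, reserved or unspecified address.

    file:, data:, relative paths and anything else are refused, because the
    renderer would resolve them on the server and read local content.
    Hostnames are accepted here; a literal-IP check cannot cover DNS names,
    so hostname resolution must be policed at fetch time as well.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    try:
        addr = ipaddress.ip_address(parts.hostname)
    except ValueError:
        return True  # a DNS name, not a literal IP
    return not (
        addr.is_private
        or addr.is_loopback
        or addr.is_link_local
        or addr.is_reserved
        or addr.is_unspecified
    )


class _ResourceAuditor(HTMLParser):
    """Collects blocked tags and disallowed URL attributes as findings."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    # handle_startendtag falls back to handle_starttag, so <img .../> is covered.
    def handle_starttag(self, tag, attrs):
        tag = tag.lower()
        if tag in BLOCKED_TAGS:
            self.findings.append(f"blocked tag <{tag}>")
        for name, value in attrs:
            if name.lower() in URL_ATTRS and value is not None:
                if not is_allowed_resource_url(value):
                    self.findings.append(f"disallowed url in <{tag} {name}>: {value}")


def audit_html(html: str) -> list[str]:
    """Return every finding for the document; an empty list means it may be rendered."""
    auditor = _ResourceAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


def safe_to_render(html: str) -> bool:
    """Gate to call before handing the HTML to the PDF renderer."""
    return not audit_html(html)


# Constructed sample input: one local-file reference and one internal-network
# reference of the kind the advisory describes, plus a harmless external link.
SAMPLE_HTML = """<html><body>
<h1>Report</h1>
<img src="file:///etc/hosts">
<object data="http://127.0.0.1:8080/internal"></object>
<a href="https://example.com/doc">external link</a>
</body></html>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML):
        print(finding)
    print("safe to render:", safe_to_render(SAMPLE_HTML))
```

An HTML-level scan like this misses references that only appear in CSS (`url()` in a stylesheet), so it is a first gate rather than the only one. WeasyPrint exposes a `url_fetcher` callable on `weasyprint.HTML(...)` that is invoked for every resource it loads; applying the same `is_allowed_resource_url` policy there, at fetch time, closes that gap and is where a hostname-resolution check belongs. How Stirling-PDF itself wires the renderer is not stated on this page, so treat that hook as the generic WeasyPrint mechanism rather than a description of the 0.45.0 fix.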

Exploit

Fix

SSRF

Related Identifiers

CVE-2025-46568
GHSA-998C-X8HX-737R

Affected Products

Stirling-Pdf
Weasyprint