CVE-2025-55150

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 1.1.0

Description: Stirling-PDF is a locally hosted web application used for PDF file operations. Prior to version 1.1.0, the application is susceptible to Server-Side Request Forgery (SSRF) when converting HTML to PDF using the /api/v1/convert/html/pdf endpoint. This occurs because the security sanitizer used during HTML processing can be bypassed, allowing unauthorized requests to external resources. The backend utilizes a third-party tool for this conversion process.

Recommendations: Upgrade to version 1.1.0 or later.