PT-2025-32596 · Unknown · Stirling-Pdf
Ninjagpt
·
Published
2025-08-11
·
Updated
2026-04-13
·
CVE-2025-55161
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Stirling-PDF versions prior to 1.1.0
Description:
Stirling-PDF is a locally hosted web application used for PDF file operations. Prior to version 1.1.0, the application is susceptible to Server-Side Request Forgery (SSRF) when utilizing the
/api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF. The backend's security sanitizer can be bypassed, leading to the SSRF condition.Recommendations:
Upgrade to Stirling-PDF version 1.1.0 or later.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Stirling-Pdf