CVE-2025-55853

Name of the Vulnerable Software and Affected Versions SoftVision webPDF versions prior to 10.0.2

Description The software contains a Server-Side Request Forgery (SSRF) issue. The PDF converter function does not validate requested resources in uploaded files, permitting protocols like http:// and file:///. An attacker can upload an XML or HTML file, which, when converted to PDF, enables internal port scanning and Local File Inclusion (LFI).

Recommendations Update to version 10.0.2 or later.