CVE-2025-56589

Name of the Vulnerable Software and Affected Versions Apryse HTML2PDF SDK versions through 11.6.0

Description A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) issue exists in the InsertFromHtmlString() function. These issues could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or external services. Exploitation of these issues could lead to the disclosure of sensitive data or potential system takeover. A Server-Side Request Forgery (SSRF) is a web security flaw that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing. A Local File Inclusion (LFI) is a web security flaw that allows an attacker to include files on the web server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.