Vulnerabilites related to Stirling-Tools - Stirling-PDF
CVE-2024-9075 (GCVE-0-2024-9075)
Vulnerability from cvelistv5
Published
2024-09-21 23:00
Modified
2024-09-23 15:46
Severity ?
2.3 (Low) - CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
2.6 (Low) - CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
2.6 (Low) - CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross Site Scripting
Summary
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.29.0 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains that "this functionality was removed in 0.29.0 already" and "we plan to re-add at later date with issue resolved".
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.278242 | vdb-entry | |
| https://vuldb.com/?ctiid.278242 | signature, permissions-required | |
| https://vuldb.com/?submit.406335 | third-party-advisory | |
| https://drive.google.com/file/d/1J4TnzgzKOEvMck3kpaFuR6zfSVt7YgKu/view?usp=sharing | related |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Stirling-Tools | Stirling-PDF |
Version: 0.28.0 Version: 0.28.1 Version: 0.28.2 Version: 0.28.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T15:45:54.063009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T15:46:01.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Markdown-to-PDF"
],
"product": "Stirling-PDF",
"vendor": "Stirling-Tools",
"versions": [
{
"status": "affected",
"version": "0.28.0"
},
{
"status": "affected",
"version": "0.28.1"
},
{
"status": "affected",
"version": "0.28.2"
},
{
"status": "affected",
"version": "0.28.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nilesh (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.29.0 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains that \"this functionality was removed in 0.29.0 already\" and \"we plan to re-add at later date with issue resolved\"."
},
{
"lang": "de",
"value": "In Stirling-Tools Stirling-PDF bis 0.28.3 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Komponente Markdown-to-PDF. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Ein Aktualisieren auf die Version 0.29.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-22T03:59:28.906Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-278242 | Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.278242"
},
{
"name": "VDB-278242 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.278242"
},
{
"name": "Submit #406335 | Stirling-Tools Stirling-PDF - Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.406335"
},
{
"tags": [
"related"
],
"url": "https://drive.google.com/file/d/1J4TnzgzKOEvMck3kpaFuR6zfSVt7YgKu/view?usp=sharing"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-22T06:04:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-9075",
"datePublished": "2024-09-21T23:00:06.683Z",
"dateReserved": "2024-09-21T08:00:26.777Z",
"dateUpdated": "2024-09-23T15:46:01.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52286 (GCVE-0-2024-52286)
Vulnerability from cvelistv5
Published
2024-11-11 19:14
Modified
2025-01-09 14:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code in the context of the user. The issue stems to the code starting at `Line 24` in `src/main/resources/static/js/merge.js`. The file name is directly being input into InnerHTML with no sanitization on the file name, allowing a malicious user to be able to upload files with names containing HTML tags. As HTML tags can include JavaScript code, this can be used to execute JavaScript code in the context of the user. This is a self-injection style attack and relies on a user uploading the malicious file themselves and it impact only them, not other users. A user might be social engineered into running this to launch a phishing attack. Nevertheless, this breaks the expected security restrictions in place by the application. This issue has been addressed in version 0.32.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-9j55-gvf2-cqwv | x_refsource_CONFIRM | |
| https://github.com/Stirling-Tools/Stirling-PDF/commit/404e31468ec98413f1906cc7ee3d49091638c693 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Stirling-Tools | Stirling-PDF |
Version: < 0.32.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:stirlingpdf:stirling_pdf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stirling_pdf",
"vendor": "stirlingpdf",
"versions": [
{
"lessThan": "0.32.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52286",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T14:45:47.778729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T14:47:00.180Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-09T14:29:29.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://hotanya.fyi/blog/self-xss-in-stirling-pdf-cve-2024-52286/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "Stirling-PDF",
"vendor": "Stirling-Tools",
"versions": [
{
"status": "affected",
"version": "\u003c 0.32.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code in the context of the user. The issue stems to the code starting at `Line 24` in `src/main/resources/static/js/merge.js`. The file name is directly being input into InnerHTML with no sanitization on the file name, allowing a malicious user to be able to upload files with names containing HTML tags. As HTML tags can include JavaScript code, this can be used to execute JavaScript code in the context of the user. This is a self-injection style attack and relies on a user uploading the malicious file themselves and it impact only them, not other users. A user might be social engineered into running this to launch a phishing attack. Nevertheless, this breaks the expected security restrictions in place by the application. This issue has been addressed in version 0.32.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T19:14:47.330Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-9j55-gvf2-cqwv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-9j55-gvf2-cqwv"
},
{
"name": "https://github.com/Stirling-Tools/Stirling-PDF/commit/404e31468ec98413f1906cc7ee3d49091638c693",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Stirling-Tools/Stirling-PDF/commit/404e31468ec98413f1906cc7ee3d49091638c693"
}
],
"source": {
"advisory": "GHSA-9j55-gvf2-cqwv",
"discovery": "UNKNOWN"
},
"title": "Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52286",
"datePublished": "2024-11-11T19:14:47.330Z",
"dateReserved": "2024-11-06T19:00:26.393Z",
"dateUpdated": "2025-01-09T14:29:29.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55150 (GCVE-0-2025-55150)
Vulnerability from cvelistv5
Published
2025-08-11 21:57
Modified
2025-08-12 15:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xw8v-9mfm-g2pm | x_refsource_CONFIRM | |
| https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Stirling-Tools | Stirling-PDF |
Version: < 1.1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55150",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:48:20.272581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:48:34.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Stirling-PDF",
"vendor": "Stirling-Tools",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T21:57:14.326Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xw8v-9mfm-g2pm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xw8v-9mfm-g2pm"
},
{
"name": "https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943"
}
],
"source": {
"advisory": "GHSA-xw8v-9mfm-g2pm",
"discovery": "UNKNOWN"
},
"title": "Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55150",
"datePublished": "2025-08-11T21:57:14.326Z",
"dateReserved": "2025-08-07T18:27:23.305Z",
"dateUpdated": "2025-08-12T15:48:34.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46568 (GCVE-0-2025-46568)
Vulnerability from cvelistv5
Published
2025-05-01 17:20
Modified
2025-05-02 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside, allow the attachment of content from any webpage or local file to a PDF. This allows the attacker to read any file on the server, including sensitive files and configuration files. All users utilizing this feature will be affected. This issue has been patched in version 0.45.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Stirling-Tools | Stirling-PDF |
Version: < 0.45.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46568",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-02T13:33:43.822793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-02T13:33:46.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Stirling-PDF",
"vendor": "Stirling-Tools",
"versions": [
{
"status": "affected",
"version": "\u003c 0.45.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside, allow the attachment of content from any webpage or local file to a PDF. This allows the attacker to read any file on the server, including sensitive files and configuration files. All users utilizing this feature will be affected. This issue has been patched in version 0.45.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T17:20:46.488Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-998c-x8hx-737r"
}
],
"source": {
"advisory": "GHSA-998c-x8hx-737r",
"discovery": "UNKNOWN"
},
"title": "Stirling-PDF Server-Side Request Forgery (SSRF)-Induced Arbitrary File Read Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46568",
"datePublished": "2025-05-01T17:20:46.488Z",
"dateReserved": "2025-04-24T21:10:48.175Z",
"dateUpdated": "2025-05-02T13:33:46.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55151 (GCVE-0-2025-55151)
Vulnerability from cvelistv5
Published
2025-08-11 21:56
Modified
2025-08-12 15:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-76hv-h7g2-xfv3 | x_refsource_CONFIRM | |
| https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Stirling-Tools | Stirling-PDF |
Version: < 1.1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55151",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:47:22.452550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:47:33.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Stirling-PDF",
"vendor": "Stirling-Tools",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the \"convert file to pdf\" functionality (/api/v1/convert/file/pdf) uses LibreOffice\u0027s unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T21:56:54.737Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-76hv-h7g2-xfv3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-76hv-h7g2-xfv3"
},
{
"name": "https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943"
}
],
"source": {
"advisory": "GHSA-76hv-h7g2-xfv3",
"discovery": "UNKNOWN"
},
"title": "Stirling-PDF SSRF vulnerability on /api/v1/convert/file/pdf"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55151",
"datePublished": "2025-08-11T21:56:54.737Z",
"dateReserved": "2025-08-07T18:27:23.305Z",
"dateUpdated": "2025-08-12T15:47:33.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55161 (GCVE-0-2025-55161)
Vulnerability from cvelistv5
Published
2025-08-11 22:28
Modified
2025-08-12 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-ff33-grr6-rmvp | x_refsource_CONFIRM | |
| https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Stirling-Tools | Stirling-PDF |
Version: < 1.1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55161",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:50:33.450436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:50:45.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Stirling-PDF",
"vendor": "Stirling-Tools",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T22:28:30.152Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-ff33-grr6-rmvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-ff33-grr6-rmvp"
},
{
"name": "https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943"
}
],
"source": {
"advisory": "GHSA-ff33-grr6-rmvp",
"discovery": "UNKNOWN"
},
"title": "Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55161",
"datePublished": "2025-08-11T22:28:30.152Z",
"dateReserved": "2025-08-07T18:27:23.306Z",
"dateUpdated": "2025-08-12T15:50:45.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}