CVE-2025-55853

Exploit

EPSS 0.02%
Veröffentlicht 19.02.2026 00:00:00
Zuletzt bearbeitet 25.03.2026 20:27:53
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTML file in the application, which when rendered to a PDF allows for internal port scanning and Local File Inclusion (LFI).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Softvision ≫ Webpdf Version < 10.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.049

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://www.webpdf.de/

Product

https://github.com/Vivz13/CVE-2025-55853/tree/main

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2025-55853

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55853

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55853

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-55853