CVE-2025-55853

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N                                    

Vulnerability Description

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTML file in the application, which when rendered to a PDF allows for internal port scanning and Local File Inclusion (LFI).

Vulnerability Details

Published Date

February 19, 2026

Last Modified

February 23, 2026

CWE ID

CWE-918

Source

NVD

External References

https://github.com/Vivz13/CVE-2025-55853/tree/main
https://www.webpdf.de/

CVE-2025-55853

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment