CVE-2025-46568 is a Server-Side Request Forgery (SSRF) vulnerability classified under CWE-918, affecting Stirling-Tools' Stirling-PDF, a locally hosted web application used for PDF manipulation. Prior to version 0.45.0, the application improperly handles HTML tags such as img, embed, and object when rendering PDFs via WeasyPrint. WeasyPrint allows embedding content from external or local sources into PDFs by resolving references within these tags. An attacker can exploit this behavior to craft malicious PDF generation requests that cause the server to fetch and include arbitrary local files into the generated PDF. This leads to arbitrary file read on the server, exposing sensitive files like configuration files, credentials, or other critical data. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 7.7 (high), reflecting network attack vector, low complexity, no privileges or user interaction required, and high confidentiality impact. No known exploits are currently reported in the wild, but the vulnerability's nature makes it a significant risk for data leakage. The issue was patched in Stirling-PDF version 0.45.0 by restricting or sanitizing the references used in these HTML tags to prevent SSRF and arbitrary file reads.

For European organizations, this vulnerability poses a substantial risk of unauthorized disclosure of sensitive internal files, including configuration files that may contain credentials or other secrets. Such data exposure can facilitate further attacks, including privilege escalation, lateral movement, or compromise of other systems. Organizations using Stirling-PDF in environments processing confidential documents or operating in regulated sectors (e.g., finance, healthcare, government) face compliance risks due to potential data breaches. The vulnerability's remote and unauthenticated nature means attackers can exploit it without insider access, increasing the threat surface. Additionally, the arbitrary file read could be leveraged to gather intelligence about the server environment, aiding in subsequent targeted attacks. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future exploitation, especially as the vulnerability becomes publicly known.

The primary mitigation is to upgrade Stirling-PDF to version 0.45.0 or later, where the vulnerability is patched. Until upgrade is possible, organizations should restrict network access to the Stirling-PDF application to trusted users and internal networks only, minimizing exposure to external attackers. Implement strict input validation and sanitization on any user-supplied data that influences PDF generation, especially references within HTML tags processed by WeasyPrint. Employ network-level controls such as web application firewalls (WAFs) to detect and block suspicious SSRF patterns targeting the application. Conduct thorough audits of server file permissions to limit the impact of arbitrary file reads, ensuring sensitive files are not world-readable. Monitor application logs for unusual requests that attempt to access local resources via the vulnerable functionality. Finally, integrate this vulnerability into incident response plans to quickly address any exploitation attempts.