CVE-2025-51591: n/a
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-server’ can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf.
AI Analysis
Technical Summary
CVE-2025-51591 identifies a Server-Side Request Forgery (SSRF) vulnerability in JGM Pandoc version 3.6.4. SSRF vulnerabilities occur when an attacker can manipulate a server-side application to make unauthorized requests to internal or external systems, potentially bypassing network restrictions. In this case, Pandoc's default behavior to retrieve and parse HTML content without sufficient validation allows attackers to inject a crafted iframe that triggers SSRF. This can lead to unauthorized access to internal infrastructure components, potentially exposing sensitive data or enabling further compromise. The vulnerability is linked to CWE-918 (Server-Side Request Forgery). Mitigation strategies include using the '--sandbox' option, which restricts Pandoc's ability to fetch external content, or running the 'pandoc-server' mode that isolates processing. Furthermore, using Pandoc with external PDF engines such as wkhtmltopdf can introduce additional SSRF risks, as demonstrated by CVE-2022-35583, highlighting the need for careful configuration of external tools. The CVSS vector (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates network attack vector, high attack complexity, no privileges or user interaction required, unchanged scope, and low confidentiality impact without integrity or availability impact. No patches or exploits are currently reported, but the vulnerability warrants attention due to the potential for infrastructure exposure.
Potential Impact
For European organizations, the primary impact of CVE-2025-51591 lies in the potential unauthorized access to internal networks and infrastructure through SSRF exploitation in document processing workflows that utilize Pandoc. Organizations relying on automated document conversions, especially those processing untrusted or external HTML content, risk exposure of sensitive internal services or data. While the confidentiality impact is rated low, SSRF can be a stepping stone for attackers to perform reconnaissance or pivot within networks. The lack of integrity and availability impact reduces the immediate risk of data manipulation or service disruption. However, the complexity of exploitation is high, which may limit widespread attacks in the short term. European entities in sectors with high document processing demands—such as legal, publishing, government, and academia—should be particularly vigilant. Additionally, organizations using external PDF engines in conjunction with Pandoc may face compounded risks. The absence of known exploits provides a window for proactive mitigation before active attacks emerge.
Mitigation Recommendations
European organizations should implement the following specific mitigations to reduce risk from CVE-2025-51591:
1) Configure Pandoc to use the '--sandbox' option to restrict its ability to fetch and parse external HTML content, effectively limiting SSRF attack vectors.
2) Where possible, run Pandoc in 'pandoc-server' mode, which isolates document processing and reduces exposure to crafted content.
3) Audit and restrict usage of external PDF engines like wkhtmltopdf with Pandoc, ensuring they are updated and configured securely to prevent SSRF vulnerabilities similar to CVE-2022-35583.
4) Implement network-level controls such as egress filtering and internal segmentation to limit server access to only necessary resources, reducing the impact of SSRF if exploited.
5) Monitor logs for unusual outbound requests originating from Pandoc processes or related services.
6) Educate development and operations teams about the risks of processing untrusted HTML content and enforce strict input validation and content sanitization policies.
7) Stay updated on vendor patches or security advisories related to Pandoc and apply them promptly once available.
These measures go beyond generic advice by focusing on configuration hardening, network controls, and operational monitoring tailored to the specific nature of this SSRF vulnerability.
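As an added illustration of recommendations 1 and 6 (sample code written for this page, not part of Pandoc or of the advisory), the following pre-conversion check lists every element in an untrusted HTML document whose attribute names a resource a converter may fetch, rejects references that use a non-http scheme, point at loopback or non-global addresses, or name a host outside an allowlist, and builds the pandoc command line with '--sandbox' so that the reader cannot touch the filesystem or network even if a reference slips through. The advisory names only iframe; the other tags in the table, the allowlist, and the sample document are assumptions constructed for this example.

```python
"""Vet untrusted HTML before handing it to pandoc (added example, not pandoc code)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import ipaddress

# Assumption: attributes that may trigger a fetch during conversion.
# The advisory names iframe; the rest are added for defence in depth.
FETCHING_ATTRS = {
    "iframe": ("src",), "img": ("src",), "object": ("data",),
    "embed": ("src",), "link": ("href",), "script": ("src",),
}


class RemoteRefCollector(HTMLParser):
    """Record (tag, attribute, value) for every attribute in FETCHING_ATTRS."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)
        if not wanted:
            return
        for name, value in attrs:
            if name in wanted and value:
                self.refs.append((tag, name, value.strip()))


def find_remote_refs(html):
    """Return all fetch-capable references in document order."""
    parser = RemoteRefCollector()
    parser.feed(html)
    parser.close()
    return parser.refs


def classify_url(url, allowed_hosts):
    """Return 'allowed', 'local' (relative path, left to --sandbox) or a
    'blocked: ...' reason. Only literal IP hosts are checked against
    internal ranges; names are not resolved, so the allowlist is what
    keeps a DNS name from pointing inside."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme == "":
        return "local"
    if scheme not in ("http", "https"):
        return "blocked: scheme " + scheme
    host = (parts.hostname or "").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return "blocked: loopback host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not a literal address
    if ip is not None and not ip.is_global:
        return "blocked: non-global address"
    if host not in allowed_hosts:
        return "blocked: host not in allowlist"
    return "allowed"


def check_document(html, allowed_hosts):
    """Findings that should stop the conversion: (tag, attr, url, reason)."""
    findings = []
    for tag, attr, url in find_remote_refs(html):
        verdict = classify_url(url, allowed_hosts)
        if verdict.startswith("blocked"):
            findings.append((tag, attr, url, verdict))
    return findings


def pandoc_argv(src_path, dst_path, from_fmt="html", to_fmt="markdown"):
    """Conversion command: --sandbox keeps the reader away from the
    filesystem and network even if a reference got past the check."""
    return ["pandoc", "--sandbox", "-f", from_fmt, "-t", to_fmt,
            "-o", dst_path, src_path]


# Constructed sample: one legitimate CDN image, two iframes pointing at
# loopback and a private range, a relative image, and a file: URL.
SAMPLE_HTML = """<html><body>
<p>Quarterly report</p>
<img src="https://cdn.example.com/logo.png">
<iframe src="http://localhost:8080/"></iframe>
<iframe src="HTTP://10.0.0.5/status"></iframe>
<img src="figures/chart.png">
<object data="file:///etc/hostname"></object>
</body></html>"""

ALLOWED_HOSTS = {"cdn.example.com"}  # assumption: hosts the service trusts

if __name__ == "__main__":
    problems = check_document(SAMPLE_HTML, ALLOWED_HOSTS)
    for tag, attr, url, reason in problems:
        print(f"reject <{tag} {attr}={url!r}>: {reason}")
    if not problems:
        print("ok, would run:", " ".join(pandoc_argv("in.html", "out.md")))
```

Run against the sample, the check reports the two iframes and the file: object and the conversion is not started; the relative image is left to '--sandbox', which refuses local reads. The allowlist is deliberately the last gate, because a hostname is not resolved here and only a literal address can be recognised as internal.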
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 687115a1a83201eaacaefd54
Added to database: 7/11/2025, 1:46:09 PM
Last enriched: 11/24/2025, 10:32:47 PM
Last updated: 1/7/2026, 8:50:13 AM