
CVE-2025-51591: n/a

Medium
Published: Fri Jul 11 2025 (07/11/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe.

AI-Powered Analysis

Last updated: 07/11/2025, 14:01:45 UTC

Technical Analysis

CVE-2025-51591 is a Server-Side Request Forgery (SSRF) vulnerability identified in JGM Pandoc version 3.6.4. SSRF vulnerabilities occur when an attacker can manipulate a server to make unintended requests to internal or external resources. In this case, the vulnerability allows an attacker to inject a crafted iframe, which can be leveraged to access and compromise the entire infrastructure hosting the vulnerable Pandoc instance. Pandoc is a widely used document converter tool that supports multiple input and output formats, often integrated into automated document processing pipelines and web services. The injection of a malicious iframe suggests that the vulnerability may be related to how Pandoc processes or renders embedded HTML or iframe elements within documents, potentially allowing an attacker to force the server to make unauthorized requests to internal services or external endpoints. This can lead to unauthorized data access, lateral movement within the network, and full infrastructure compromise. The vulnerability was published on July 11, 2025, with no CVSS score assigned yet, and no known exploits in the wild at the time of reporting. No patches or mitigations have been linked, indicating that organizations using Pandoc 3.6.4 should consider this a zero-day risk until addressed. The lack of affected version specifics beyond 3.6.4 suggests the issue is confirmed at least in that version, and possibly earlier or later versions as well.

Potential Impact

For European organizations, the impact of this SSRF vulnerability in JGM Pandoc 3.6.4 can be significant, especially for entities relying on automated document processing or web services that incorporate Pandoc. Successful exploitation could lead to unauthorized access to internal systems, data exfiltration, and potentially full infrastructure compromise. This is particularly critical for sectors handling sensitive or regulated data such as finance, healthcare, government, and critical infrastructure. The ability to inject iframes and force server-side requests could bypass perimeter defenses, enabling attackers to reach internal-only services, including databases, configuration management systems, or cloud metadata services. This could result in breaches of confidentiality, integrity, and availability. Given the widespread use of Pandoc in academic, publishing, and enterprise environments across Europe, the vulnerability poses a risk to a broad range of organizations. The absence of known exploits currently provides a window for proactive mitigation, but the potential for rapid weaponization remains high due to the nature of SSRF attacks.

Mitigation Recommendations

1. Immediate mitigation should include auditing all systems running JGM Pandoc version 3.6.4 and isolating those that process untrusted documents or user inputs.
2. Implement strict input validation and sanitization on any document content that may include HTML or iframe elements before processing with Pandoc.
3. Employ network segmentation and firewall rules to restrict the Pandoc server's ability to make outbound requests to internal services or sensitive endpoints, limiting SSRF impact.
4. Monitor network traffic originating from Pandoc servers for unusual or unauthorized requests, especially to internal IP ranges or cloud metadata endpoints.
5. Disable or restrict iframe rendering or HTML processing features in Pandoc if not required for business functions.
6. Engage with the vendor or open-source community to obtain patches or updates addressing this vulnerability as soon as they become available.
7. Consider deploying Web Application Firewalls (WAFs) with SSRF detection capabilities to block suspicious requests.
8. Conduct regular security assessments and penetration tests focusing on SSRF vectors within document processing workflows.
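
One way to implement the input check in recommendation 2, as an added example (not code from Pandoc or from this advisory's source): it scans an untrusted document before conversion and reports embedded resource URLs that point at non-public addresses or use non-HTTP schemes. The tag set, the internal-name suffixes and the sample document are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose URL attribute a converter may fetch (assumed set; iframe is the advisory's vector).
URL_ATTRS = {"iframe": "src", "img": "src", "script": "src",
             "embed": "src", "object": "data", "link": "href"}

def classify(url):
    """Return 'relative', 'blocked-scheme', 'internal' or 'external'."""
    parts = urlsplit(url.strip())
    if not parts.scheme and not parts.netloc:
        return "relative"
    if parts.scheme not in ("", "http", "https"):
        return "blocked-scheme"          # e.g. file:, ftp:
    host = (parts.hostname or "").rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # No DNS lookup here: single-label names fail closed, and a public name
        # can still resolve inward, so egress rules stay necessary.
        inward = "." not in host or host.endswith((".internal", ".local"))
        return "internal" if inward else "external"
    flags = (ip.is_private, ip.is_loopback, ip.is_link_local, ip.is_reserved, ip.is_unspecified)
    return "internal" if any(flags) else "external"

class EmbedAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []               # (tag, url, verdict) tuples

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if url:
            self.findings.append((tag, url, classify(url)))

def audit(document):
    """Return the references that should stop conversion of an untrusted document."""
    parser = EmbedAudit()
    parser.feed(document)
    parser.close()
    return [f for f in parser.findings if f[2] in ("internal", "blocked-scheme")]

# Constructed sample input: Markdown carrying raw HTML embeds.
SAMPLE = ('# Report\n<iframe src="http://169.254.169.254/"></iframe>\n'
          '<img src="figures/chart.png">\n<IFRAME SRC="http://[::1]:8080/admin"></IFRAME>\n'
          '<object data="file:///etc/hostname"></object>\n')

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A non-empty result from `audit()` is a reason to reject or quarantine the document. The check complements the egress restrictions in recommendation 3 and does not replace them.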


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 687115a1a83201eaacaefd54

Added to database: 7/11/2025, 1:46:09 PM

Last enriched: 7/11/2025, 2:01:45 PM

Last updated: 8/8/2025, 9:08:23 PM
