CVE-2025-55151 is a high-severity Server-Side Request Forgery (SSRF) vulnerability identified in Stirling-Tools' Stirling-PDF application, specifically affecting versions prior to 1.1.0. Stirling-PDF is a locally hosted web application designed to perform various PDF file operations, including converting files to PDF format. The vulnerable functionality resides in the endpoint /api/v1/convert/file/pdf, which leverages LibreOffice's unoconvert tool for file conversion. During this conversion process, the application fails to properly validate or sanitize user-supplied input, allowing an attacker to craft malicious requests that cause the server to initiate unintended network requests to internal or external resources. SSRF vulnerabilities like CWE-918 enable attackers to bypass network access controls, potentially accessing sensitive internal services, metadata endpoints, or other protected resources that are not directly exposed to the internet. The CVSS v3.1 score of 8.6 reflects the high impact of this vulnerability, with an attack vector of network (AV:N), no privileges required (PR:N), and no user interaction needed (UI:N). The impact on confidentiality is high, as attackers can retrieve sensitive data from internal systems. Integrity impact is low, and availability impact is low but present. The vulnerability was patched in version 1.1.0 of Stirling-PDF, indicating that upgrading to this or later versions mitigates the risk. No known exploits are currently reported in the wild, but the ease of exploitation and potential impact warrant immediate attention.

For European organizations, the SSRF vulnerability in Stirling-PDF poses significant risks, especially for entities relying on this tool for document processing within internal networks. Exploitation could allow attackers to access internal services, including databases, administrative interfaces, or cloud metadata services, potentially leading to data breaches or lateral movement within the network. Confidentiality of sensitive documents and internal infrastructure information is at risk. Given the vulnerability requires no authentication or user interaction, attackers can remotely exploit exposed instances, increasing the threat surface. Organizations in sectors such as finance, healthcare, government, and critical infrastructure, which often handle sensitive documents and may deploy such tools internally, face heightened risk. Additionally, the use of LibreOffice's unoconvert tool as part of the conversion process means that any misconfiguration or exposure of Stirling-PDF to untrusted networks could exacerbate the impact. The lack of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score and ease of exploitation necessitate urgent patching and network controls.

European organizations should implement the following specific mitigation measures: 1) Immediately upgrade Stirling-PDF installations to version 1.1.0 or later, where the SSRF vulnerability has been patched. 2) Restrict network access to the Stirling-PDF service, ensuring it is not exposed to untrusted networks or the public internet. 3) Implement strict egress filtering on servers running Stirling-PDF to prevent unauthorized outbound requests, limiting the ability of SSRF attacks to reach internal or external targets. 4) Employ application-layer firewall rules or web application firewalls (WAFs) to detect and block suspicious request patterns targeting the /api/v1/convert/file/pdf endpoint. 5) Conduct internal audits to identify any instances of Stirling-PDF in use, including shadow IT deployments, to ensure all are updated or isolated. 6) Monitor logs for unusual outbound requests or access patterns indicative of SSRF exploitation attempts. 7) Consider network segmentation to isolate document processing servers from sensitive internal resources. 8) Educate development and IT teams about SSRF risks and secure coding practices to prevent similar vulnerabilities in custom integrations.