CVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF

Severity: High
Type: Vulnerability
Tags: CVE-2025-55161, cve, cve-2025-55161, cwe-918
Published: Mon Aug 11 2025 (08/11/2025, 22:28:30 UTC)
Source: CVE Database V5
Vendor/Project: Stirling-Tools
Product: Stirling-PDF

Description

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when the /api/v1/convert/markdown/pdf endpoint is used to convert Markdown to PDF, the backend calls a third-party tool to process the input and applies a sanitizer to it. That sanitizer can be bypassed, resulting in SSRF. This issue has been patched in version 1.1.0.

AI-Powered Analysis

Last updated: 08/19/2025, 01:43:42 UTC

Technical Analysis

CVE-2025-55161 is a high-severity Server-Side Request Forgery (SSRF) vulnerability affecting Stirling-PDF, a locally hosted web application designed to perform various PDF file operations. The vulnerability exists in versions prior to 1.1.0, specifically in the /api/v1/convert/markdown/pdf endpoint, which converts Markdown documents to PDF format. During this conversion process, the backend invokes a third-party tool to handle the operation and applies a security sanitizer intended to prevent malicious input. However, this sanitizer can be bypassed, allowing an attacker to craft malicious requests that cause the server to make unintended HTTP requests to internal or external resources. SSRF vulnerabilities like this can be exploited remotely without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact includes high confidentiality loss, as attackers can access sensitive internal services or metadata, with additional limited integrity and availability impacts. The vulnerability has been patched in version 1.1.0 of Stirling-PDF. No known exploits are currently reported in the wild, but the high CVSS score of 8.6 reflects the significant risk posed by this flaw if left unpatched. The CWE-918 classification confirms the SSRF nature of the issue, which is a common and dangerous web application vulnerability that can lead to further internal network compromise or data exfiltration.

Potential Impact

For European organizations using Stirling-PDF versions earlier than 1.1.0, this SSRF vulnerability poses a significant risk. Since Stirling-PDF is locally hosted, exploitation could allow attackers to pivot from the compromised application to internal network resources, potentially accessing sensitive data or internal APIs not exposed externally. This could lead to unauthorized data disclosure, including confidential documents or internal services. The confidentiality impact is high, as attackers can leverage SSRF to bypass network segmentation and access internal-only endpoints. Integrity and availability impacts are lower but still present, as attackers might manipulate backend services or cause denial of service through crafted requests. European organizations in sectors such as finance, healthcare, legal, and government, which often handle sensitive PDF documents and rely on internal document processing tools, are particularly at risk. The lack of required authentication and user interaction increases the threat level, making automated exploitation feasible. Additionally, compliance with GDPR and other data protection regulations could be jeopardized if sensitive data is exposed due to this vulnerability.

Mitigation Recommendations

Organizations should immediately upgrade Stirling-PDF to version 1.1.0 or later, where the SSRF vulnerability has been patched. Until the upgrade is applied, it is critical to implement network-level controls to restrict the application’s outbound HTTP requests to only trusted destinations, using firewall rules or proxy filtering. Application-level input validation should be enhanced to reject suspicious URLs or IP addresses, especially those pointing to internal network ranges (e.g., 10.0.0.0/8, 192.168.0.0/16, 127.0.0.0/8). Monitoring and logging of all outbound requests from the Stirling-PDF server should be enabled to detect anomalous or unexpected traffic patterns indicative of SSRF exploitation attempts. Additionally, organizations should conduct internal penetration testing focused on SSRF to identify any other potential weaknesses. Segmentation of the network hosting Stirling-PDF from sensitive internal systems can reduce the blast radius if exploitation occurs. Finally, ensure that all third-party tools integrated with Stirling-PDF are kept up to date and reviewed for similar vulnerabilities.

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-08-07T18:27:23.306Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 689a6f8ead5a09ad002982d2

Added to database: 8/11/2025, 10:32:46 PM

Last enriched: 8/19/2025, 1:43:42 AM

Last updated: 8/20/2025, 7:03:37 AM
