CVE-2025-55151

High CVSS 8.6

Overview

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0.

CWE: CWE-918 Published: 2025-08-11T22:15:28.140

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.6 (HIGH)
Detected tags: ssrf (tag impact: MODERATE)

Recommended actions:

Deny access to internal/metadata addresses; use outbound allowlists.

Overview

Recommended tools

Tags