What is the CVSS score of CVE-2025-55151?

CVE-2025-55151 has a CVSS 3.1 base score of 8.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L. EPSS exploitation probability: 0.1%.

Which versions of Stirling Pdf are affected by CVE-2025-55151?

Organizations using Stirling-PDF face significant risk from CVE-2025-55151, a server-side request forgery vulnerability rated CVSS 8.6.. A patch is available.

How to fix or mitigate CVE-2025-55151?

Within 30 days: Identify all affected systems and apply vendor patches as part of regular patch cycle. Implement egress filtering and URL validation for server-side requests.

Stirling Pdf CVE-2025-55151

HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2025-08-11 security-advisories@github.com

SSRF Stirling Pdf

8.6

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.6 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:06 vuln.today

Patch released

Mar 28, 2026 - 19:06 nvd

Patch available

CVE Published

Aug 11, 2025 - 22:15 nvd

HIGH 8.6

DescriptionGitHub Advisory

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0.

AnalysisAI

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Technical ContextAI

This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0. Affected products include: Stirlingpdf Stirling Pdf. Version information: version 1.1.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.

CVE-2025-55151 vulnerability details – vuln.today

Back