How to fix CVE-2025-56590?

Within 24 hours: Inventory all systems and applications using Apryse HTML2PDF SDK and assess exposure. Implement network segmentation to isolate affected systems. Within 7 days: Disable the InsertFromURL() function if operationally feasible, or restrict access to PDF generation functionality to trusted users only. Monitor vendor communications for patch availability. Within 30 days: Upgrade to patched version immediately upon availability, or migrate to alternative PDF generation solutions if no patch timeline is provided by the vendor.

Is Command Injection affected by CVE-2025-56590?

A critical remote code execution vulnerability (CVE-2025-56590) affecting Apryse HTML2PDF SDK versions through 11.10 could allow attackers to execute arbitrary commands on affected servers. Any organization using this SDK for PDF generation is at immediate risk of complete system compromise.

CVE-2025-56590

CRITICAL

2026-01-22 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 12, 2026 - 15:01 vuln.today

Public exploit code

CVE Published

Jan 22, 2026 - 18:16 nvd

CRITICAL 9.8

Description

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

Analysis

Apryse HTML2PDF SDK through version 11.10 has a command injection vulnerability in the InsertFromURL function allowing remote code execution when converting HTML to PDF.

Technical Context

The InsertFromURL() function in Apryse HTML2PDF SDK through 11.10 fails to sanitize URLs before passing them to system commands (CWE-78), allowing injection of arbitrary OS commands.

Affected Products

['Apryse HTML2PDF SDK <= 11.10']

Remediation

Update the SDK. Validate and sanitize all URLs before passing to conversion functions.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: +20

CVE-2025-56590 vulnerability details – vuln.today

Back

CVE-2025-56590

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-56590

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code