CVE-2025-55161 Scanner

Stirling-PDF is a versatile, locally hosted web application designed for users who need to perform a variety of operations on PDF files such as conversion and manipulation. Popular with professionals and organizations, Stirling-PDF facilitates tasks like format conversion, extracting text, or combining documents, enhancing productivity and workflow efficiency. Users from publishing houses, legal firms, educational institutions, and other sectors rely on its robust PDF handling capabilities. The application supports multiple file formats and integrates with various tools to deliver seamless document management. Stirling-PDF comes with an intuitive interface, making it accessible even to users with minimal technical expertise. Its focus on enhancing document handling makes Stirling-PDF a valuable tool in environments that frequently work with PDF files.

Server-Side Request Forgery (SSRF) is a vulnerability that occurs when an attacker is able to abuse a server's ability to make HTTP requests on its behalf. In the context of Stirling-PDF, this vulnerability could be exploited to send unauthorized requests to internal or external services via the PDF conversion endpoint. The vulnerability stems from insufficient input sanitization, allowing malicious users to insert crafted URLs in requests. This can lead to unauthorized data access and undesired interactions with the server or third-party services. Attackers exploiting SSRF are often looking for ways to execute further attacks, such as extraction of sensitive data or triggering actions on internal networks. The exploitation of SSRF vulnerabilities presents significant security risks to affected systems.

In terms of technical details, the SSRF vulnerability in Stirling-PDF is present in the /api/v1/convert/markdown/pdf endpoint used for converting Markdown content to PDFs. Specifically, the vulnerability arises from the ability to embed URLs within Markdown files that are intended for conversion. The backend responsible for the conversion task utilises a third-party utility which accepts these embedded values with minimal sanitization. An attacker can craft a specially formed Markdown file where an tag references an attacker-controlled URL. This URL can point to internal resources, thereby triggering the SSRF condition. The lack of a strong safeguard on these references enables the attack vector to persist until the application version is upgraded.

Exploitation of this vulnerability could lead to a variety of impacts including unauthorized queries to internal networks, and potentially accessing sensitive resources that are not meant to be publicly available. In scenarios where the third-party service used for conversion has permissions to internal systems, the risk can extend to data breaches or manipulation of internal applications. Moreover, the attack can lead to service disruptions if internal systems are overwhelmed with unexpected requests. This demonstrates the critical need for ensuring input is properly validated and sanitized to prevent such abuse.

REFERENCES

• https://nvd.nist.gov/vuln/detail/CVE-2025-55161
• https://github.com/Stirling-Tools/Stirling-PDF