What is CVE-2025-55150?

CVE-2025-55150 is a high-severity vulnerability in Stirling-tools Stirling-pdf, classified under Server-Side Request Forgery (SSRF). CVSS score: 8.6/10. Published 2025-08-11.

How severe is CVE-2025-55150?

High severity. CVSS v3 base score is 8.6 out of 10.

Is CVE-2025-55150 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SSRF in Stirling-tools Stirling-pdf

CVE-2025-55150

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to proces…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.070 (91.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L.

Affected products

Stirling-tools Stirling-pdf — versions < 1.1.0

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

Public proof-of-concept exploits

References

https://github.com/Stirling-Tools/Stirling-PDF/security/advisories/GHSA-xw8v-9mfm-g2pm (x_refsource_CONFIRM)
https://github.com/Stirling-Tools/Stirling-PDF/commit/7d6b70871bad2a3ff810825f7382c49f55293943 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-55150?: CVE-2025-55150 is a high-severity vulnerability in Stirling-tools Stirling-pdf, classified under Server-Side Request Forgery (SSRF). CVSS score: 8.6/10. Published 2025-08-11.
How severe is CVE-2025-55150?: High severity. CVSS v3 base score is 8.6 out of 10.
Is CVE-2025-55150 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.