cbcvebase.
CVE-2025-55161
published 2025-08-11


Priority: P180 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.86% (76.7th percentile)
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization which can be bypassed and result in SSRF. This issue has been patched in version 1.1.0.

Affected (2 ranges)

Vendor         | Product       | Version range | Fixed in
stirling-tools | stirling-pdf  | < 1.1.0       | 1.1.0
stirlingpdf    | stirling_pdf  | < 1.1.0       | 1.1.0

Detection & IOCs (extracted from sources)

url: /api/v1/convert/markdown/pdf
sigma
shodan-query: http.title:"Stirling PDF"
  • Monitor for POST requests to /api/v1/convert/markdown/pdf containing Markdown image tags with external URLs (SSRF via img src), especially with multipart/form-data bodies and .md file uploads.
  • Detect out-of-band DNS/HTTP interactions triggered by the server after receiving a crafted Markdown file upload — indicative of successful SSRF exploitation via this endpoint.
  • A successful exploit response will return HTTP 200 with Content-Type application/pdf after submitting the malicious Markdown payload.
  • Unauthenticated attackers can exploit this endpoint — no authentication headers are required in the attack request.
  • The sanitizer intended to block SSRF can be bypassed; do not rely on the built-in sanitizer in pre-1.1.0 deployments as a security control.

CVSS provenance

Source    | Version | Score | Severity | Vector
nvd       | v3.1    | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck |         | 8.6   | HIGH     |