CVE-2025-46568 – Stirling-PDF SSRF-Induced Arbitrary File Read Vulnerability

May 1, 2025

CVE ID : CVE-2025-46568

Published : May 1, 2025, 6:15 p.m. | 1 hour, 11 minutes ago

Description : Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and others. The references to several files inside, allow the attachment of content from any webpage or local file to a PDF. This allows the attacker to read any file on the server, including sensitive files and configuration files. All users utilizing this feature will be affected. This issue has been patched in version 0.45.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-35975 – MicroDicom DICOM Viewer Out-of-Bounds Write RCE

Next Article CVE-2025-46567 – LLaMA Factory Deserialization Command Execution Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Elden Ring Nightreign classes: All 8 Nightfarer characters in FromSoftware’s co-op spinoff explained

How I make my own NFC tags to share my Wi-Fi password with guests – it’s easy!

Microsoft Bing is stealing tens of millions of Google’s search users according to the latest data

Microsoft could bring Elon Musk’s Grok AI model to Azure — Cozying up with OpenAI’s arch-nemesis xAI for its AI Foundry

Perficient is Headed to Salesforce Connections 2025: Here’s What You Need to Know

Perficient is Headed to Salesforce Connections 2025: Here’s What You Need to Know

Perficient Wins 2025 Delivery Award at Appian World for Second Consecutive Year

JavaScript Pulse: Weekly Dev Digest – May 2, 2025

Elden Ring Nightreign classes: All 8 Nightfarer characters in FromSoftware’s co-op spinoff explained

Elden Ring Nightreign classes: All 8 Nightfarer characters in FromSoftware’s co-op spinoff explained

Spf Permerror Troubleshooting Guide For Better Email Deliverability Today

KEditBookmarks is a bookmark organizer and editor

CVE-2025-46568 – Stirling-PDF SSRF-Induced Arbitrary File Read Vulnerability

CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221

CVE-2025-3815 – WordPress SurveyJS Stored Cross-Site Scripting

Ignore everything else, this is the true “objective” list of the best Xbox and PC games of 2024

The Iconic Motorola Flip Phone is Back, Now Powered by AI

I can’t pick a favorite — the award-winning Razer Blade 16 or its new big sibling — but you can preorder both now

Microsoft says “ChatGPT isn’t better than Copilot,” but OpenAI’s companion reportedly received more visits in a day than Copilot did in a month

DELTA: A Novel AI Method that Efficiently (10x Faster) Tracks Every Pixel in 3D Space from Monocular Videos

This AI Paper from Microsoft and Oxford Introduce Olympus: A Universal Task Router for Computer Vision Tasks

Apple Releases 4M-21: A Very Effective Multimodal AI Model that Solves Tens of Tasks and Modalities

Google code confirms Gemini in Chrome copies Edge’s Copilot sidebar idea on Windows 11

CVE-2025-46568 – Stirling-PDF SSRF-Induced Arbitrary File Read Vulnerability

Related Posts