CVE-2025-55151 Overview
CVE-2025-55151 is a Server-Side Request Forgery (SSRF) vulnerability affecting Stirling-PDF, a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process. This issue has been patched in version 1.1.0.
Critical Impact
This SSRF vulnerability allows attackers to make unauthorized server-side requests through the PDF conversion functionality, potentially enabling access to internal services, data exfiltration, or further network reconnaissance from the server's perspective.
Affected Products
- Stirling-PDF versions prior to 1.1.0
- Self-hosted Stirling-PDF deployments using the /api/v1/convert/file/pdf endpoint
- Environments using LibreOffice's unoconvert tool for PDF conversion
Discovery Timeline
- 2025-08-11 - CVE-2025-55151 published to NVD
- 2025-08-15 - Last updated in NVD database
Technical Details for CVE-2025-55151
Vulnerability Analysis
This vulnerability is classified under CWE-918 (Server-Side Request Forgery), which occurs when a web application fetches remote resources without properly validating user-supplied URLs. In the context of Stirling-PDF, the PDF conversion functionality processes user-controlled input that can include URLs or references to external resources. When LibreOffice's unoconvert tool processes these inputs, it can be manipulated to make requests to arbitrary internal or external endpoints.
The attack is accessible over the network and requires no authentication or user interaction, making it particularly dangerous for exposed Stirling-PDF instances. Successful exploitation could lead to unauthorized access to internal services, cloud metadata endpoints, or other sensitive resources accessible from the server.
Root Cause
The root cause of CVE-2025-55151 lies in insufficient input validation and URL sanitization within the PDF conversion pipeline. The application failed to implement proper SSRF protection mechanisms when handling URLs embedded in documents or user-supplied content destined for PDF conversion via LibreOffice.
The vulnerable code path did not validate or restrict the destination of server-side requests, allowing attackers to craft malicious documents or conversion requests that would cause the server to make requests to attacker-controlled or internal network destinations.
Attack Vector
An attacker can exploit this vulnerability by submitting a specially crafted file or request to the /api/v1/convert/file/pdf endpoint. The malicious input would contain references to internal URLs (such as http://localhost, http://127.0.0.1, or internal IP ranges) or cloud metadata endpoints (like http://169.254.169.254/). When the LibreOffice unoconvert tool processes this input, it follows these references, effectively allowing the attacker to:
- Probe internal network services
- Access cloud instance metadata
- Retrieve sensitive data from internal endpoints
- Potentially pivot to other internal systems
The security patch introduces an SsrfProtectionService component and HTML sanitization policies to validate and restrict URLs before processing:
package stirling.software.common.util;
+import org.owasp.html.AttributePolicy;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import stirling.software.common.model.ApplicationProperties;
+import stirling.software.common.service.SsrfProtectionService;
+@Component
public class CustomHtmlSanitizer {
+ private final SsrfProtectionService ssrfProtectionService;
+ private final ApplicationProperties applicationProperties;
+ @Autowired
+ public CustomHtmlSanitizer(
+ SsrfProtectionService ssrfProtectionService,
+ ApplicationProperties applicationProperties) {
+ this.ssrfProtectionService = ssrfProtectionService;
+ this.applicationProperties = applicationProperties;
+ }
+ private final AttributePolicy SSRF_SAFE_URL_POLICY =
+ new AttributePolicy() {
+ @Override
Source: GitHub Commit Change
Detection Methods for CVE-2025-55151
Indicators of Compromise
- Unusual outbound network connections from the Stirling-PDF server to internal IP ranges (e.g., 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- Requests to cloud metadata endpoints such as 169.254.169.254 from the application server
- Suspicious conversion requests containing URLs to internal services in the /api/v1/convert/file/pdf endpoint logs
- Unexpected DNS queries originating from the Stirling-PDF application process
Detection Strategies
- Monitor network traffic from Stirling-PDF servers for connections to internal IP addresses or localhost
- Implement web application firewall (WAF) rules to detect SSRF patterns in conversion requests
- Enable detailed logging on the /api/v1/convert/file/pdf endpoint and analyze for suspicious URL patterns
- Deploy SentinelOne Singularity to detect anomalous network behavior and process activities
Monitoring Recommendations
- Configure network segmentation monitoring to alert on unexpected server-to-internal-service communications
- Implement egress filtering and monitor for attempts to access cloud metadata services
- Set up alerts for high volumes of conversion requests from single sources, which may indicate exploitation attempts
How to Mitigate CVE-2025-55151
Immediate Actions Required
- Upgrade Stirling-PDF to version 1.1.0 or later immediately
- If immediate upgrade is not possible, restrict network access to the /api/v1/convert/file/pdf endpoint
- Implement network-level controls to prevent the Stirling-PDF server from accessing internal services
- Review logs for any signs of exploitation prior to patching
Patch Information
The vulnerability has been addressed in Stirling-PDF version 1.1.0. The fix introduces an SsrfProtectionService component that validates URLs before processing and implements OWASP HTML sanitization policies to prevent SSRF attacks. The patch is available in the GitHub commit. For detailed information about the vulnerability and remediation, refer to the GitHub Security Advisory.
Workarounds
- Implement network-level egress filtering to block requests from the Stirling-PDF server to internal IP ranges and cloud metadata endpoints
- Use a reverse proxy or WAF to filter and validate incoming conversion requests before they reach the application
- Disable the PDF conversion functionality entirely if it is not required for your use case
- Deploy the application in an isolated network segment with restricted access to internal resources
# Example: Block outbound traffic to internal ranges and metadata endpoints using iptables
# Run on the Stirling-PDF host server
# Block access to private IP ranges
iptables -A OUTPUT -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -d 192.168.0.0/16 -j DROP
iptables -A OUTPUT -d 127.0.0.0/8 -j DROP
# Block access to cloud metadata endpoint
iptables -A OUTPUT -d 169.254.169.254 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
