CVE-2025-68616 Overview
CVE-2025-68616 is a Server-Side Request Forgery (SSRF) protection bypass vulnerability in WeasyPrint, a popular Python library that helps web developers create PDF documents from HTML/CSS. Prior to version 68.0, an SSRF protection bypass exists in WeasyPrint's default_url_fetcher function. The vulnerability allows attackers to access internal network resources (such as localhost services or cloud metadata endpoints) even when a developer has implemented a custom url_fetcher to block such access. This occurs because the underlying urllib library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy.
Critical Impact
Attackers can bypass SSRF protections to access sensitive internal network resources, cloud metadata endpoints (e.g., AWS EC2 metadata at 169.254.169.254), and localhost services, potentially leading to credential theft, data exfiltration, or further internal network compromise.
Affected Products
- WeasyPrint versions prior to 68.0
- Applications using default_url_fetcher with custom URL validation
- Applications using allowed_protocols parameter of default_url_fetcher
Discovery Timeline
- 2026-01-19 - CVE-2025-68616 published to NVD
- 2026-01-20 - Last updated in NVD database
Technical Details for CVE-2025-68616
Vulnerability Analysis
This vulnerability is classified under CWE-601 (URL Redirection to Untrusted Site / Open Redirect). The flaw exists in the interaction between WeasyPrint's URL fetching mechanism and Python's urllib library. When developers implement security controls to validate URLs before fetching (such as blocking requests to internal IP ranges or localhost), the validation only occurs on the initial URL. However, urllib automatically follows HTTP redirects (301, 302, etc.) without invoking the developer's security checks on the redirect destination.
This means an attacker can provide an external URL that passes the initial security validation, but redirects to an internal resource. The attacker effectively uses the external server as a proxy to reach otherwise-protected internal endpoints. Common targets include cloud provider metadata services, internal APIs, and administrative interfaces bound to localhost.
Root Cause
The root cause is the automatic redirect-following behavior in Python's urllib library combined with insufficient re-validation of redirect destinations. When default_url_fetcher processes a URL, it validates the initial target but does not intercept or validate subsequent redirect URLs. The fix introduces a new URLFetcher class that properly handles redirects by applying the same security policy to all URLs in the redirect chain, and disables automatic redirects for the deprecated default_url_fetcher function.
Attack Vector
The attack is network-based and requires no authentication or user interaction. An attacker can exploit this vulnerability by:
- Setting up a malicious external server that responds with an HTTP redirect (302) to an internal target URL
- Submitting HTML/CSS content to a vulnerable WeasyPrint instance that references the attacker's external URL
- The external URL passes the developer's URL validation since it points to an allowed external domain
- When fetched, the external server redirects to http://169.254.169.254/latest/meta-data/ or http://localhost:8080/admin
- urllib automatically follows the redirect, bypassing security controls
warnings.warn(
"default_url_fetcher is deprecated and will be removed in WeasyPrint 69.0, "
"please use URLFetcher instead. For security reasons, HTTP redirects are not "
"supported anymore with default_url_fetcher, but are with URLFetcher.\n\nSee "
"https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#url-fetchers",
category=DeprecationWarning)
fetcher = URLFetcher(
timeout, ssl_context, http_headers, allowed_protocols, allow_redirects=False)
return fetcher.fetch(url)
Source: GitHub Commit Changes
Detection Methods for CVE-2025-68616
Indicators of Compromise
- Outbound HTTP requests from WeasyPrint application servers to unusual external domains followed by internal network connections
- Access logs showing requests to cloud metadata endpoints (e.g., 169.254.169.254) originating from PDF generation services
- Unexpected HTTP redirects in network traffic from PDF rendering workflows
- Error logs indicating failed connections to internal services from the WeasyPrint application context
Detection Strategies
- Monitor network traffic for HTTP redirect chains that originate externally but terminate at internal IP addresses or localhost
- Implement network-level detection for connections to cloud metadata IP ranges (169.254.169.254) from application servers
- Review WeasyPrint application logs for URL fetching patterns that include external URLs followed by internal resource access
- Deploy web application firewall rules to detect SSRF redirect patterns in PDF generation requests
Monitoring Recommendations
- Enable detailed logging for all URL fetch operations in WeasyPrint-based applications
- Configure network monitoring to alert on any outbound connections to link-local addresses from application servers
- Implement egress filtering and logging to detect unexpected internal network access patterns
- Monitor for deprecation warnings in application logs indicating use of vulnerable default_url_fetcher function
How to Mitigate CVE-2025-68616
Immediate Actions Required
- Upgrade WeasyPrint to version 68.0 or later immediately
- Migrate from deprecated default_url_fetcher function to the new URLFetcher class
- Review all custom URL fetcher implementations to ensure redirect validation is in place
- Audit existing PDF generation workflows for potential SSRF exposure
Patch Information
The vulnerability is patched in WeasyPrint version 68.0, released on 2026-01-19. The fix introduces a new URLFetcher class that properly validates all URLs in redirect chains against the configured security policy. The legacy default_url_fetcher function is deprecated and now disables HTTP redirects by default to prevent exploitation. Users should migrate to the URLFetcher class for secure redirect handling. Technical details are available in the GitHub Security Advisory GHSA-983w and the security patch commit.
Workarounds
- If immediate upgrade is not possible, implement network-level controls to block outbound connections to internal IP ranges and cloud metadata endpoints
- Add a reverse proxy or firewall rule that strips or blocks HTTP redirect responses to internal addresses
- Disable external URL fetching entirely in WeasyPrint if not required for business functionality
- Implement custom URL validation that resolves DNS and validates the final IP address before allowing connections
# Configuration example
# Upgrade WeasyPrint to patched version
pip install --upgrade weasyprint>=68.0
# Verify installed version
pip show weasyprint | grep Version
# For network-level mitigation, block metadata endpoint access (iptables example)
iptables -A OUTPUT -d 169.254.169.254 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
