CVE-2025-55853

Published: Feb 19, 2026

Modified: Feb 23, 2026

PUBLISHED

Description

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTML file in the application, which when rendered to a PDF allows for internal port scanning and Local File Inclusion (LFI).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.webpdf.de/

https://github.com/Vivz13/CVE-2025-55853/tree/main

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-55853

Description

Affected Products

References