CVE-2024-25180

9.8 CRITICAL

📋 TL;DR

CVE-2024-25180 is a disputed vulnerability in pdfmake 0.2.9 where a crafted POST request to the /pdf endpoint could allow remote code execution. The vulnerability only affects systems where the test framework (outside the main application) is installed and exposed. Organizations using pdfmake with the test framework accessible are at risk.

💻 Affected Systems

Products:
  • pdfmake
Versions: 0.2.9 (specifically with the test framework installed)
Operating Systems: All platforms running pdfmake
Default Config Vulnerable: ✅ No
Notes: The vulnerability only exists when the separate test framework is installed and the /pdf endpoint is accessible. This is not part of the default pdfmake installation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attacker gains full control of the server, executes arbitrary commands, and potentially compromises the entire system.

🟠 Likely Case

Limited impact, since the vulnerable endpoint is only available when the test framework is installed and exposed, which is not typical in production.

🟢 If Mitigated

No impact if the test framework is not installed or is properly restricted to authorized testers only.

🌐 Internet-Facing: HIGH if the test framework is exposed to the internet without authentication.
🏢 Internal Only: MEDIUM if the test framework is accessible internally without proper access controls.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted POST requests to the /pdf endpoint. Public references demonstrate proof-of-concept.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://github.com/bpampuch/pdfmake/issues/2702

Restart Required: No

Instructions:

No official patch. Remove or restrict access to the test framework. Ensure the test framework is not installed in production environments.

🔧 Temporary Workarounds

Remove Test Framework

Platforms: all

Uninstall or disable the test framework that provides the vulnerable /pdf endpoint.

npm uninstall pdfmake-test-framework
Remove any test framework dependencies from package.json

Restrict Endpoint Access

Platforms: all

Configure the web server to block access to the /pdf endpoint, or restrict it to authorized IPs/users only.

Example nginx config:

    location /pdf { deny all; }

Example Apache config:

    <Location /pdf>
        Require all denied
    </Location>

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate systems that have the test framework installed
  • Deploy web application firewall (WAF) rules to block malicious POST requests to /pdf endpoint

🔍 How to Verify

Check if Vulnerable:

Check whether the test framework is installed and whether the /pdf endpoint responds to POST requests:

curl -X POST http://target/pdf

Check Version:

npm list pdfmake

Verify Fix Applied:

Verify that the test framework is removed and that the /pdf endpoint returns 404 or access denied.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /pdf endpoint with unusual payloads
  • Error logs showing code execution attempts

Network Indicators:

  • Unusual outbound connections from the pdfmake server
  • POST requests to /pdf with base64 or encoded payloads

SIEM Query:

source="web_server" AND uri_path="/pdf" AND http_method="POST"
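As an added example (not from this page or the pdfmake project), the log-indicator check above as a small Python script: it parses nginx combined-format access log lines (the sample lines are constructed, not real traffic), flags POST requests to the /pdf endpoint, and reports per-source counts and how many requests were not blocked by the web server.

```python
import re
from collections import Counter

# Constructed sample lines in nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2024:12:00:01 +0000] "POST /pdf HTTP/1.1" 200 5120 "-" "python-requests/2.31"
203.0.113.7 - - [10/Feb/2024:12:00:02 +0000] "POST /pdf HTTP/1.1" 500 312 "-" "python-requests/2.31"
198.51.100.4 - - [10/Feb/2024:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2024:12:00:04 +0000] "POST /pdf?x=1 HTTP/1.1" 403 153 "-" "curl/8.4.0"
192.0.2.9 - - [10/Feb/2024:12:00:05 +0000] "GET /pdf HTTP/1.1" 405 0 "-" "curl/8.4.0"
"""

# One combined-format line: ip ident user [ts] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return a dict for a well-formed line, or None for lines we cannot parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["target"].split("?", 1)[0]   # ignore the query string
    rec["status"] = int(rec["status"])
    return rec

def find_pdf_posts(log_text, path="/pdf"):
    """All POST requests whose path is exactly the watched endpoint."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == path:
            hits.append(rec)
    return hits

def summarize(hits):
    """Per-source counts, plus how many requests were not rejected (401/403/404),
    i.e. how many actually reached the endpoint and deserve a closer look."""
    by_ip = Counter(h["ip"] for h in hits)
    reached = sum(1 for h in hits if h["status"] not in (401, 403, 404))
    return {"total": len(hits), "reached": reached, "by_ip": dict(by_ip)}

if __name__ == "__main__":
    for h in find_pdf_posts(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} POST {h["target"]} -> {h["status"]} ({h["ua"]})')
    print(summarize(find_pdf_posts(SAMPLE_LOG)))
```

Point the script at a real access log instead of SAMPLE_LOG and treat any request counted under "reached" as a sign the endpoint is still exposed.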
