CVE-2025-55853

9.1 CRITICAL

📋 TL;DR

SoftVision webPDF versions before 10.0.2 contain a Server-Side Request Forgery (SSRF) vulnerability in the PDF converter function. Attackers can upload XML or HTML files that trigger requests to internal systems or local files when converted to PDF, enabling internal port scanning and Local File Inclusion. This affects all users running vulnerable versions of webPDF.

💻 Affected Systems

Products:
  • SoftVision webPDF
Versions: All versions before 10.0.2
Operating Systems: All supported OS platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the PDF converter function, which processes uploaded files. Any installation with file upload enabled is vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of internal network services through SSRF to internal endpoints, sensitive file exfiltration via LFI, and potential lateral movement within the network.

🟠 Likely Case

Internal port scanning to discover vulnerable services, exfiltration of configuration files or sensitive data from the server via LFI, and potential access to internal HTTP services.

🟢 If Mitigated

Limited to scanning of non-sensitive internal services if proper network segmentation and file access controls are implemented.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely via file upload, allowing attackers to pivot from internet-facing systems to internal network resources.
🏢 Internal Only: HIGH - Even internally, the vulnerability allows attackers to scan internal services and access files on the server, potentially leading to lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept code is available on GitHub. Exploitation requires only file upload capability, which is typically available to unauthenticated users in web applications.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.2

Vendor Advisory: https://www.webpdf.de/

Restart Required: Yes

Instructions:

  1. Download webPDF version 10.0.2 or later from the official vendor website.
  2. Back up the current configuration and data.
  3. Stop the webPDF service.
  4. Install the updated version following vendor instructions.
  5. Restart the service and verify functionality.

🔧 Temporary Workarounds

Disable file upload functionality (all platforms)

Temporarily disable the PDF converter file upload feature until patching can be completed.

# Configuration changes depend on specific deployment. Consult webPDF documentation for disabling upload features.

Implement input validation (all platforms)

Add server-side validation to reject XML/HTML files containing http://, file://, or other dangerous protocols in resource references.

# Implement custom validation in webPDF configuration or application layer to sanitize uploaded file content
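The following is an added illustration of such a pre-filter, not webPDF's own code or configuration. It scans an uploaded HTML/XML document before it reaches the converter and rejects it if any resource reference (src, href, xlink:href, object data, form action, CSS url()/@import) uses a URI scheme other than inline data:, or if the document declares external DTD entities. It goes slightly beyond the advisory's http:// and file:// examples by denying every scheme by default and by HTML-unescaping the content first, so character-reference obfuscation such as &#x68;ttp:// is caught. The sample documents are constructed for the demonstration.

```python
import html
import re

# Deny by default: only inline data: URIs are allowed in resource references,
# because they involve no network or filesystem access by the converter.
ALLOWED_SCHEMES = {"data"}

# Attribute-style references in HTML/XML/SVG (src, href, xlink:href, data,
# action, background, poster) and the "url=" form used by <meta refresh>.
_ATTR_REF = re.compile(
    r"(?i)\b(?:src|href|xlink:href|data|action|background|poster|url)"
    r"\s*=\s*[\"']?\s*([a-z][a-z0-9+.\-]*):"
)
# CSS references: url(...) and @import "..."
_CSS_REF = re.compile(
    r"(?i)(?:url\(\s*[\"']?|@import\s+[\"']?)\s*([a-z][a-z0-9+.\-]*):"
)
# DTD constructs that make an XML parser fetch external content (XXE / SSRF).
_EXTERNAL_DTD = re.compile(r"(?is)<!(?:ENTITY|DOCTYPE)\b[^>]*\b(?:SYSTEM|PUBLIC)\b")
_PARAM_ENTITY = re.compile(r"(?is)<!ENTITY\s+%")


def scan_upload(content: str) -> list[str]:
    """Return the reasons an uploaded document should be rejected (empty list = clean)."""
    # Decode character references first so "&#x68;ttp://" is seen as "http://".
    text = html.unescape(content)
    findings: list[str] = []

    def add(reason: str) -> None:
        if reason not in findings:
            findings.append(reason)

    if _EXTERNAL_DTD.search(text):
        add("external DTD/entity declaration (SYSTEM/PUBLIC)")
    if _PARAM_ENTITY.search(text):
        add("parameter entity declaration")
    for pattern, kind in ((_ATTR_REF, "attribute"), (_CSS_REF, "css")):
        for match in pattern.finditer(text):
            scheme = match.group(1).lower()
            if scheme not in ALLOWED_SCHEMES:
                add(f"{kind} reference uses scheme '{scheme}:'")
    return findings


def is_safe_to_convert(content: str) -> bool:
    """Gate for the upload handler: True only when scan_upload found nothing."""
    return not scan_upload(content)


# Constructed sample documents for the demonstration (not from the advisory).
SAMPLES = {
    "clean_html": '<html><body><h1>Invoice</h1>'
                  '<img src="data:image/png;base64,iVBORw0KGgo="></body></html>',
    "relative_ok": '<html><body><a href="/help">help</a><img src="logo.png"></body></html>',
    "html_img_internal": '<html><body><img src="http://127.0.0.1:8080/"></body></html>',
    "html_encoded_scheme": '<html><body><img src="&#x68;ttp://10.0.0.5/"></body></html>',
    "css_file": '<html><head><style>body{background:url(file:///tmp/example.txt)}'
                '</style></head></html>',
    "xml_xxe": '<?xml version="1.0"?><!DOCTYPE d [<!ENTITY x SYSTEM "file:///tmp/example.txt">]>'
               '<d>&x;</d>',
    "xml_stylesheet": '<?xml version="1.0"?>'
                      '<?xml-stylesheet href="http://intranet/x.xsl" type="text/xsl"?><d/>',
}

if __name__ == "__main__":
    for name, doc in SAMPLES.items():
        print(f"{name:20s} -> {scan_upload(doc) or 'OK'}")
```

Two caveats when deploying a filter like this: a legitimate XHTML doctype with a PUBLIC identifier and a system URL is also rejected, because the converter's parser may fetch that DTD, so add an allowlist for the doctypes you need; and a content filter is defense in depth only. The patch plus egress restrictions on the converter host (no routes to internal ranges, no file: access for the converter process) remain the primary controls.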

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate webPDF server from sensitive internal systems
  • Deploy web application firewall (WAF) rules to block malicious file uploads containing SSRF payloads

🔍 How to Verify

Check if Vulnerable:

Check the webPDF version via the admin interface or configuration files. If the version is below 10.0.2, the system is vulnerable.

Check Version:

# Check version in webPDF admin interface or configuration files. Exact command depends on installation method.

Verify Fix Applied:

After updating to 10.0.2 or later, test file upload functionality with SSRF payloads to confirm they are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with XML/HTML extensions
  • Outbound HTTP requests from webPDF server to internal IPs
  • File access attempts to sensitive system paths

Network Indicators:

  • HTTP requests from webPDF server to internal services on non-standard ports
  • Multiple rapid connection attempts to different internal ports

SIEM Query:

source="webpdf" AND (file_upload="*.xml" OR file_upload="*.html") AND (url="http://internal*" OR url="file://*")
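The log and network indicators above, and the SIEM query, can be turned into a correlation rule. The script below is an added example, not webPDF's code or a query for any specific SIEM: it reads constructed key=value log records (the event names, field names and timestamp layout are assumptions; webPDF's real log format is not shown on this page) and raises an alert when an XML/HTML upload is followed within a short window by outbound connections from the converter host to internal address ranges, by a sweep of several ports on one internal host, or by a file: read. The internal ranges are listed explicitly so operators can add their own.

```python
import ipaddress
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Address ranges treated as "internal" for SSRF detection.  Explicit rather than
# ipaddress.is_private so the list is reviewable and extensible per environment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "::1/128",                         # loopback
    "169.254.0.0/16", "fe80::/10",                    # link-local, incl. cloud metadata
    "100.64.0.0/10",                                  # shared address space (CGNAT)
    "fc00::/7",                                       # IPv6 unique local
)]

# Upload extensions the advisory names as the SSRF vector.
RISKY_EXT = {".xml", ".html", ".htm", ".xhtml", ".svg"}


def is_internal(ip_text: str) -> bool:
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # hostname or malformed field: cannot decide here
        return False
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line: str) -> dict:
    """Parse one 'TIMESTAMP key=value ...' record (assumed format, see SAMPLE_LOG)."""
    ts, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def detect(log_text: str, window: timedelta = timedelta(seconds=60),
           sweep_threshold: int = 3) -> list[dict]:
    """Correlate risky uploads with what the converter host does right afterwards."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    alerts: list[dict] = []
    for up in events:
        if up.get("event") != "upload":
            continue
        name = up.get("filename", "")
        if os.path.splitext(name)[1].lower() not in RISKY_EXT:
            continue
        t0 = up["ts"]
        follow = [e for e in events if e is not up and t0 <= e["ts"] <= t0 + window]

        # Rule 1: any egress from the converter to an internal address.
        internal = [e for e in follow
                    if e.get("event") == "egress" and is_internal(e.get("dst_ip", ""))]
        if internal:
            alerts.append({"rule": "internal_egress_after_upload", "filename": name,
                           "destinations": sorted({f"{e['dst_ip']}:{e['dst_port']}"
                                                   for e in internal})})
        # Rule 2: several distinct ports on one internal host (port sweep).
        ports_by_dst: dict[str, set[int]] = defaultdict(set)
        for e in internal:
            ports_by_dst[e["dst_ip"]].add(int(e.get("dst_port", 0)))
        for dst, ports in ports_by_dst.items():
            if len(ports) >= sweep_threshold:
                alerts.append({"rule": "port_sweep_after_upload", "filename": name,
                               "dst_ip": dst, "ports": sorted(ports)})
        # Rule 3: a file: read by the converter (LFI indicator).
        local = [e for e in follow if e.get("event") == "file_read"
                 and e.get("path", "").lower().startswith("file:")]
        if local:
            alerts.append({"rule": "local_file_read_after_upload", "filename": name,
                           "paths": [e["path"] for e in local]})
    return alerts


# Constructed sample log (documentation IPs; 192.0.2.10 plays the webPDF host).
SAMPLE_LOG = """\
2025-09-01T10:00:01Z event=upload src_ip=203.0.113.7 filename=report.html
2025-09-01T10:00:02Z event=egress src_ip=192.0.2.10 dst_ip=10.0.0.5 dst_port=8080 proto=http
2025-09-01T10:00:02Z event=egress src_ip=192.0.2.10 dst_ip=10.0.0.5 dst_port=8081 proto=http
2025-09-01T10:00:03Z event=egress src_ip=192.0.2.10 dst_ip=10.0.0.5 dst_port=8082 proto=http
2025-09-01T10:00:03Z event=file_read src_ip=192.0.2.10 path=file:///tmp/example.txt
2025-09-01T10:05:00Z event=upload src_ip=203.0.113.9 filename=invoice.docx
2025-09-01T10:05:01Z event=egress src_ip=192.0.2.10 dst_ip=198.51.100.20 dst_port=443 proto=https
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The extension gate keeps the rule quiet on ordinary office-document uploads; if your converter accepts renamed files, drop that check and key on the upload event alone, since the egress and file-read rules carry the signal. Baseline the converter host first: any legitimate fetches it performs (fonts, stylesheets from an internal CDN) should be added to an allowlist rather than silencing the rule.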
