VYPR
Unrated severityNVD Advisory· Published Feb 19, 2026· Updated Feb 23, 2026

CVE-2025-55853

CVE-2025-55853

Description

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTML file in the application, which when rendered to a PDF allows for internal port scanning and Local File Inclusion (LFI).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • SoftVision/webPDFcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <10.0.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.