Unrated severityNVD Advisory· Published Jan 22, 2026· Updated Jan 26, 2026
CVE-2025-56589
CVE-2025-56589
Description
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or external services. Both vulnerabilities could lead to the disclosure of sensitive data or potential system takeover.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <=11.6.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.