← Zuruck zu CVEs
CVE-2025-56589
HIGH7.5
Beschreibung
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or external services. Both vulnerabilities could lead to the disclosure of sensitive data or potential system takeover.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht1/22/2026
Zuletzt geandert2/2/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
apryse:html2pdf
Schwachen (CWE)
CWE-918
Referenzen
http://apryse.com(cve@mitre.org)
https://www.stratascale.com/resource/apryse-server-module-ssrf-lfi/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.