CVE-2025-56590

CRITICAL

9.8

Description

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/22/2026

Derniere modification2/12/2026

Sourcenvd

Observations honeypot0

Produits affectes

apryse:html2pdf

Faiblesses (CWE)

CWE-78

References

http://apryse.com(cve@mitre.org)

https://www.stratascale.com/resource/apryse-server-argument-injection-rce/(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.