CVE-2025-56590

CRITICAL

9.8

Descricao

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado1/22/2026

Ultima modificacao2/12/2026

Fontenvd

Avistamentos honeypot0

Produtos afetados

apryse:html2pdf

Fraquezas (CWE)

CWE-78

Referencias

http://apryse.com(cve@mitre.org)

https://www.stratascale.com/resource/apryse-server-argument-injection-rce/(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.