9.1

SoftVision webPDF before 10.0.2 allows attackers to scan internal servers and steal files

CVE-2025-55853
Summary

The PDF converter in SoftVision webPDF versions before 10.0.2 does not check which resources an uploaded file references. An attacker can upload an XML or HTML file whose http:// or file:/// references are fetched by the server when the file is rendered to PDF, which allows scanning your internal servers and stealing sensitive local files. Update to version 10.0.2 or later to fix this issue.

Original title
SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files ...
Original description
SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF). The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as http:// and file:///. This allows an attacker to upload an XML or HTML file in the application, which when rendered to a PDF allows for internal port scanning and Local File Inclusion (LFI).
NVD CVSS 3.1 score: 9.1
Vulnerability type
CWE-918 Server-Side Request Forgery (SSRF)
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026
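
As a defence-in-depth measure alongside the upgrade, uploads can be screened for the kind of resource references described above before they reach any HTML-to-PDF converter. The following is an added example, not SoftVision code or part of the advisory; the scheme policy, the attribute list and the names `classify`, `RefCollector`, `scan_upload` and `SAMPLE` are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy, not taken from the advisory
URL_ATTRS = {"src", "href", "data", "poster", "action", "background", "xlink:href"}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

def classify(url):
    """Return why a reference must be rejected, or None if it looks acceptable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme == "data" or (not scheme and not parts.netloc):
        return None  # inline data, relative path or fragment
    if scheme and scheme not in ALLOWED_SCHEMES:
        return f"scheme '{scheme}' not allowed"
    host = parts.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a name, not a literal address
        if host == "localhost" or "." not in host:
            return f"internal hostname '{host}'"
        return None  # names must still be resolved and re-checked at fetch time
    return None if ip.is_global else f"non-public address {ip}"

class RefCollector(HTMLParser):  # collects (tag, url) from attributes and inline CSS
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in URL_ATTRS:
                self.refs.append((tag, value))
            elif value and name == "style":
                self.refs += [(tag, u) for u in CSS_URL.findall(value)]

def scan_upload(markup):
    """Return (tag, url, reason) for every reference that violates the policy."""
    collector = RefCollector()
    collector.feed(markup)
    return [(t, u, r) for t, u in collector.refs if (r := classify(u))]

# Constructed sample upload, not taken from a real incident
SAMPLE = ('<img src="https://cdn.example.com/logo.png"><iframe src="file:///etc/hostname">'
          '</iframe><img src="http://127.0.0.1:8080/status">'
          "<div style=\"background:url('http://10.0.0.5/x.png')\"></div>")
```

Calling `scan_upload(SAMPLE)` reports the file:/// reference and the two internal addresses and leaves the public image alone. A pre-filter like this does not replace the fix in 10.0.2: hostnames can resolve to internal addresses at fetch time, so the check also belongs in the component that performs the request.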