Key Information

Vulnerability Overview

Vulnerability Type: SSRF (Server-Side Request Forgery)
Affected Package: (Maven)
Affected Versions: All versions
Fixed Version: 1.1.0
Severity: High (8.6/10)

Description

Summary: When using the endpoint to convert HTML to PDF, the backend invokes a third-party tool for processing and includes a security sanitizer to prevent security issues. However, there is a flaw that can be bypassed, leading to an SSRF vulnerability.

Details: The backend uses the third-party sanitizer , but a bypassable flaw exists, resulting in an SSRF vulnerability.

Vulnerability Details

Source Code Location:
Vulnerability Location:

PoC (Proof of Concept)

Impact

CVSS v3 Base Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Required Privileges: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: Low
- Availability Impact: Low

CVE ID: CVE-2025-55150
Weakness: CWE-918

Acknowledgments

Reporter: NinjaGPT
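
A defence-in-depth check for the HTML-to-PDF path described above, as an added example that is not code from this advisory or the affected project and is not the fix shipped in 1.1.0. It lists the resources the markup would make a renderer load and refuses any that are not http(s) or that resolve to a non-public address, independently of the markup sanitizer; the attribute list, function names, sample hosts and addresses are assumptions.

```python
import ipaddress
import socket
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed list of (tag, attribute) pairs that make a renderer fetch a resource.
FETCH_ATTRS = {("img", "src"), ("iframe", "src"), ("embed", "src"), ("script", "src"),
               ("link", "href"), ("object", "data")}

class ResourceCollector(HTMLParser):
    """Collect the URLs a renderer would load for the given markup."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v.strip() for k, v in attrs if v and (tag, k) in FETCH_ATTRS]

def resolve_all(host):
    """Default resolver: every address the system resolver returns for host."""
    return [info[4][0] for info in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)]

def is_public_destination(url, resolver=resolve_all):
    """True only for http(s) URLs whose host resolves exclusively to public addresses."""
    try:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False  # file:, ftp:, relative and scheme-less references are refused
        addrs = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    except (OSError, ValueError):
        return False      # unresolvable or malformed: fail closed
    return bool(addrs) and all(a.is_global and not a.is_multicast for a in addrs)

def blocked_references(html, resolver=resolve_all):
    """Return the referenced URLs that the renderer must not be allowed to fetch."""
    collector = ResourceCollector()
    collector.feed(html)
    collector.close()
    return [u for u in collector.urls if not is_public_destination(u, resolver)]

# Constructed sample input and name table (stands in for DNS so the example runs offline).
SAMPLE_DNS = {"static.example": ["93.184.216.34"], "reports.internal.example": ["10.0.0.5"]}
SAMPLE_HTML = ('<link rel="stylesheet" href="https://static.example/site.css">'
               '<img src="http://127.0.0.1:8080/status">'
               '<iframe src="http://reports.internal.example/"></iframe>')

def sample_resolver(host):
    return SAMPLE_DNS.get(host) or [host]  # unknown names fall through as literals

if __name__ == "__main__":
    for url in blocked_references(SAMPLE_HTML, sample_resolver):
        print("refuse:", url)
```

The same destination test belongs at the point where the renderer opens its connections, including on redirects, because a scan of the markup only sees what its own parser sees.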