CVE-2025-55853 - Local File Inclusion via Server Side Request Forgery

About

SoftVision webPDF before 10.0.2 is vulnerable to Server-Side Request Forgery (SSRF).

Key Information

Affected Versions

webPDF version before: 10.0.2

Exploit Details

This PoC demonstrates SSRF in the webPDF tool used to convert files to PDF. The PDF converter function does not check if internal or external resources are requested in the uploaded files and allows for protocols such as and . This allows an attacker to upload an HTML file that can be rendered to a PDF, allowing for internal port scanning and Local File Inclusion (LFI).

Example Payload

Mitigation

Limit the available protocols to HTTP and HTTPS using an allowlist function.

Limit requests to internal networks by resolving the domain and blocking requests to internal network segments.

Update the webPDF software to webPDF version 10.0.2 or higher.

References

webPDF
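The first two mitigation steps (scheme allowlist, then resolving the host and rejecting internal addresses) can be sketched as follows. This is an added example, not webPDF's code or part of the original PoC; the function names, the SAMPLE_DNS map and its hostnames are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # the allowlist the mitigation calls for

# Constructed name-to-address map so the demo runs offline (not real DNS data).
SAMPLE_DNS = {
    "cdn.example.test": ["93.184.216.34"],
    "intranet.example.test": ["10.20.30.40"],
    "mixed.example.test": ["93.184.216.34", "127.0.0.1"],  # one internal record
}

def sample_resolver(host):
    """Offline stand-in for DNS; IP literals resolve to themselves."""
    return SAMPLE_DNS.get(host, [host])

def system_resolver(host):
    """Every address the host resolves to, via the OS resolver."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def is_internal(addr):
    """True for loopback, private, link-local and other non-public ranges."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
    return ip.is_multicast or not ip.is_global

def check_resource_url(url, resolver=system_resolver):
    """Return (allowed, detail); on success detail is the vetted address list."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    if not parts.hostname:
        return False, "no host in URL"
    try:
        addrs = resolver(parts.hostname)
        internal = [a for a in addrs if is_internal(a)]
    except (OSError, ValueError) as exc:
        return False, "cannot resolve host: %s" % exc
    if not addrs or internal:
        return False, "internal or empty resolution: %s" % internal
    return True, addrs  # fetch by connecting to these, not by re-resolving

if __name__ == "__main__":
    for u in ("https://cdn.example.test/logo.png", "http://intranet.example.test/",
              "http://mixed.example.test/", "http://[::ffff:127.0.0.1]/"):
        print(u, check_resource_url(u, sample_resolver))
```

The check has to run on every resource URL the converter would fetch while rendering, including each redirect target, and the fetch should connect to the vetted addresses rather than resolve the name a second time.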