CNNVD-202601-3776 Information

Jan 22, 2026 cve

CNNVD ID

CNNVD-202601-3776

CVE-2025-56589

CNNVD Published: 2026-01-22

Description (Chinese)

Apryse HTML2PDF SDK是美国Apryse公司的一个文件格式转换组件。 Apryse HTML2PDF SDK 11.6.0及之前版本存在安全漏洞，该漏洞源于InsertFromHtmlString函数存在本地文件包含和服务端请求伪造，可能导致读取服务器本地文件或发起任意HTTP请求，进而泄露敏感数据或接管系统。

Description (English)

Apryse HTML2PDF SDK is a file format conversion component of Apryse, United States. Apryse HTML2PDF SDK 11.6.0 and previous versions had a security loophole, which stemmed from the presence of local file contents and service-end requests for forgery in the InsertFromHtmlString function, which could lead to the reading of local server files or the initiation of any HTTP request, thereby disclosing sensitive data or taking over systems.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Apryse

Published

2026-01-22

Last Modified

2026-02-24

References

http://apryse.com https://www.stratascale.com/resource/apryse-server-module-ssrf-lfi/ https://access.redhat.com/security/cve/cve-2025-56589

Share on: