CVE-2025-51591

EUVD-2025-21134

11.07.2025, 14:15

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-server’ can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf.

SSRF

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADP	ADP	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Common Weakness Enumeration

CWE-918 - Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References

http://pandoc.com

https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2025-51591

https://github.com/jgm/pandoc/discussions/11200

https://github.com/jgm/pandoc/issues/10682

https://github.com/jgm/pandoc/issues/11261

https://github.com/jgm/pandoc/issues/8874

https://github.com/jgm/pandoc/pull/11262

https://www.wiz.io/blog/imds-anomaly-hunting-zero-day

https://github.com/jgm/pandoc/commit/67edf7ce7cd3563a180ae44bd122b012e22364f8

https://github.com/jgm/pandoc/issues/10682

https://pandoc.org

https://www.wiz.io/blog/imds-anomaly-hunting-zero-day

not-applicable:http://jgm.com/

not-applicable:http://pandoc.com/