PatchSiren cyber security CVE debrief
CVE-2025-56589 Apryse CVE debrief
CVE-2025-56589 is a high-severity vulnerability (CVSS Score: 7.5) affecting the Apryse HTML2PDF SDK through version 11.6.0. This vulnerability involves a Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) issue in the InsertFromHtmlString() function. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or external services, potentially leading to the disclosure of sensitive data or system takeover.
- Vendor
- Apryse
- Product
- HTML2PDF SDK
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-22
- Original CVE updated
- 2026-07-05
- Advisory published
- 2026-01-22
- Advisory updated
- 2026-07-05
Who should care
Organizations using Apryse HTML2PDF SDK version 11.6.0 or earlier should prioritize patching this vulnerability. Given the high CVSS score, it's crucial for developers and security teams to assess the risk and apply necessary mitigations to prevent potential exploitation.
Technical summary
The vulnerability is caused by issues in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK. An attacker could exploit the LFI aspect to read local files on the server, while the SSRF aspect could be used to make arbitrary HTTP requests. This could lead to sensitive data disclosure or, in a worst-case scenario, potential system takeover if an attacker can execute malicious actions using the SSRF capability.
Defensive priority
High priority should be given to patching this vulnerability due to its high CVSS score and the potential for significant impact. Organizations should review their systems for any instances of the vulnerable SDK and apply patches or mitigations as soon as possible.
Recommended defensive actions
- Apply the latest patch (version 11.7.0 or later) for Apryse HTML2PDF SDK.
- Review and restrict access to the InsertFromHtmlString() function.
- Implement additional monitoring for unusual file access or HTTP requests.
- Conduct thorough inventory checks to identify all instances of the vulnerable SDK.
- Consider compensating controls such as web application firewalls (WAFs) to detect and prevent exploitation attempts.
Evidence notes
The CVE record was published on 2026-01-22T17:15:58.183Z and was last modified on 2026-07-05T02:17:02.320Z. The NVD entry is currently Modified. The vulnerability details are based on information from official sources, including the CVE.org record and the NVD detail page.
Official resources
-
CVE-2025-56589 CVE record
CVE.org
-
CVE-2025-56589 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-22T17:15:58.183Z and has not been modified since then. The NVD entry is currently Modified.