{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2025-51591","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2026-02-27T16:41:31.913Z","dateReserved":"2025-06-16T00:00:00.000Z","datePublished":"2025-07-11T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2025-11-24T21:52:10.536Z"},"descriptions":[{"lang":"en","value":"A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-server’ can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"http://jgm.com"},{"url":"http://pandoc.com"},{"url":"https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2025-51591"},{"url":"https://github.com/jgm/pandoc/issues/8874"},{"url":"https://github.com/jgm/pandoc/issues/10682"},{"url":"https://github.com/jgm/pandoc/discussions/11200"},{"url":"https://github.com/jgm/pandoc/issues/11261"},{"url":"https://github.com/jgm/pandoc/pull/11262"},{"url":"https://www.wiz.io/blog/imds-anomaly-hunting-zero-day"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"descriptions":[{"lang":"en","value":"pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf."}],"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-918","lang":"en","description":"CWE-918 Server-Side Request Forgery (SSRF)"}]}],"references":[{"url":"https://pandoc.org","tags":["product"]},{"url":"https://github.com/jgm/pandoc/issues/10682","tags":["vendor-advisory","issue-tracking"]},{"url":"https://github.com/jgm/pandoc/commit/67edf7ce7cd3563a180ae44bd122b012e22364f8","tags":["patch"]},{"url":"https://www.wiz.io/blog/imds-anomaly-hunting-zero-day","tags":["technical-description"]},{"url":"not-applicable:http://jgm.com/","tags":["not-applicable"]},{"url":"not-applicable:http://pandoc.com/","tags":["not-applicable"]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":3.7,"attackVector":"NETWORK","baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"HIGH","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-10-07T15:56:45.462102Z","id":"CVE-2025-51591","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-17T16:56:24.240Z"}},{"descriptions":[{"lang":"en","value":"ArtsPDFGenerator (APG) is a web application that uses pandoc and allows anonymous users to generate PDFs from arbitrary web sites. APG does not use the non-default '--sandbox' setting nor does APG call pandoc as 'pandoc-server' so is vulnerable to SSRF. An unauthenticated, remote attacker can specify an attacker-controlled iframe that can make HTTP requests to any sources accessible by APG."}],"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1188","lang":"en","description":"Initialization of a Resource with an Insecure Default"}]}],"affected":[{"vendor":"Art","product":"ArtsPDFGenerator (APG)","defaultStatus":"unknown","versions":[{"versionType":"custom","version":"*","lessThan":"143.0.7499.110","status":"unaffected"}]}],"references":[{"url":"https://github.com/jgm/pandoc/issues/10682","tags":["vendor-advisory","issue-tracking"]},{"url":"https://github.com/jgm/pandoc/commit/67edf7ce7cd3563a180ae44bd122b012e22364f8","tags":["patch"]},{"url":"https://www.wiz.io/blog/imds-anomaly-hunting-zero-day","tags":["technical-description"]},{"url":"https://www.example.com/apg/security/cve-2025-14174.vex.json","tags":["x_sadp-openvex"]}],"title":"Art-SADP testing","x_adpType":"supplier","x_assertions":[{"tag":"upstream-dependency-includes","url":"https://www.example.com/apg/security/cve-2025-14174.vex.json","format":"openvex","definition":{"url":"https://github.com/openvex/spec/openvex_json_schema_0.2.0.json","namespace":"openvex","version":"0.2.0"}}],"providerMetadata":{"orgId":"48f6f7a7-8c8e-41a8-acf6-95528284812f","shortName":"Art-SADP","dateUpdated":"2026-02-26T16:54:10.651Z"}},{"x_adpType":"supplier","providerMetadata":{"orgId":"f6c3b076-ca7a-45e7-94f6-867262bb4911","shortName":"siemens-SADP","dateUpdated":"2026-02-27T16:41:31.913Z"},"affected":[{"vendor":"Siemens","product":"Product X","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":4.2,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-20","description":"CWE-20: Improper Input Validation","type":"CWE"}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-111112.html"}]}]},"dataVersion":"5.2"}