CVE-2025-56589: Apryse module SSRF & LFI
Overview
CVE-2025-56589 is an SSRF and LFI vulnerability in Apryse HTML2PDF SDK that enables attackers to read local files or make unauthorized HTTP requests. This is something I was able to research and find during an engagement while employment at Stratascale. If you wish to read the technical details of the finding, please visit the following URL referenced below.