{
  "id": "CVE-2025-51591",
  "details": "A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilities. Using the ‘--sandbox’ option or ‘pandoc-server’ can mitigate such vulnerabilities. Using pandoc with an external ‘--pdf-engine’ can also enable SSRF vulnerabilities, such as CVE-2022-35583 in wkhtmltopdf.",
  "modified": "2026-04-10T05:29:21.522716Z",
  "published": "2025-07-11T14:15:27.347Z",
  "references": [
    {"type": "WEB", "url": "https://github.com/jgm/pandoc/discussions/11200"},
    {"type": "WEB", "url": "https://pandoc.org"},
    {"type": "WEB", "url": "not-applicable:http://jgm.com/"},
    {"type": "WEB", "url": "not-applicable:http://pandoc.com/"},
    {"type": "WEB", "url": "http://jgm.com"},
    {"type": "WEB", "url": "http://pandoc.com"},
    {"type": "WEB", "url": "https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2025-51591"},
    {"type": "REPORT", "url": "https://github.com/jgm/pandoc/issues/8874"},
    {"type": "REPORT", "url": "https://github.com/jgm/pandoc/issues/10682"},
    {"type": "REPORT", "url": "https://github.com/jgm/pandoc/issues/11261"},
    {"type": "FIX", "url": "https://github.com/jgm/pandoc/pull/11262"},
    {"type": "FIX", "url": "https://github.com/jgm/pandoc/commit/67edf7ce7cd3563a180ae44bd122b012e22364f8"},
    {"type": "ARTICLE", "url": "https://www.wiz.io/blog/imds-anomaly-hunting-zero-day"}
  ],
  "affected": [
    {
      "ranges": [
        {
          "type": "GIT",
          "repo": "https://github.com/jgm/pandoc",
          "events": [
            {"introduced": "0"},
            {"fixed": "67edf7ce7cd3563a180ae44bd122b012e22364f8"}
          ]
        }
      ],
      "versions": [
        "0.10", "0.16.1.2", "1.0", "1.0.0.1", "1.10.0.1", "1.10.0.2", "1.10.0.3", "1.10.0.4", "1.10.0.5", "1.10.1",
        "1.11", "1.11.1", "1.12", "1.12.0.1", "1.12.0.2", "1.12.0.3", "1.12.1", "1.12.2", "1.12.2.1", "1.12.3",
        "1.12.3.1", "1.12.3.2", "1.12.3.3", "1.12.4", "1.12.4.1", "1.12.4.2", "1.13", "1.13.0.1", "1.13.1", "1.13.2",
        "1.14", "1.14.0.1", "1.14.0.2", "1.14.0.3", "1.14.0.4", "1.14.1", "1.15", "1.15.0.1", "1.15.0.2", "1.15.0.3",
        "1.15.0.4", "1.15.0.5", "1.15.0.6", "1.15.1", "1.15.1.1", "1.15.2", "1.15.2.1", "1.16", "1.16.0.1", "1.16.0.2",
        "1.17", "1.17.0.1", "1.17.0.2", "1.17.0.3", "1.17.1", "1.17.2", "1.18", "1.19", "1.19.1", "1.19.2",
        "1.2.1", "1.3", "1.5", "1.5.0.1", "1.5.1", "1.5.1.1", "1.6", "1.8", "1.8.0.1", "1.8.0.3",
        "1.8.1", "1.8.1.1", "1.8.1.2", "1.8.2", "1.8.2.1", "1.9", "1.9.0.2", "1.9.0.3", "1.9.0.5", "1.9.1",
        "1.9.1.1", "1.9.1.2", "1.9.3", "1.9.4", "1.9.4.1", "1.9.4.2", "2.0", "2.0.0.1", "2.0.1", "2.0.1.1",
        "2.0.2", "2.0.3", "2.0.4", "2.0.5", "2.0.6", "2.1", "2.1.1", "2.1.2", "2.1.3", "2.10",
        "2.10.1", "2.11", "2.11.0.1", "2.11.0.3", "2.11.0.4", "2.11.1", "2.11.1.1", "2.11.2", "2.11.3", "2.11.3.1",
        "2.11.3.2", "2.11.4", "2.12", "2.13", "2.14", "2.14.0.1", "2.14.0.2", "2.14.0.3", "2.14.1", "2.14.2",
        "2.15", "2.16", "2.16.1", "2.16.2", "2.17", "2.17.0.1", "2.17.1", "2.17.1.1", "2.18", "2.19",
        "2.19.1", "2.19.2", "2.2", "2.2.1", "2.2.2", "2.2.2.1", "2.2.3", "2.2.3.1", "2.2.3.2", "2.3",
        "2.3.1", "2.4", "2.5", "2.6", "2.7", "2.7.1", "2.7.2", "2.7.3", "2.8", "2.8.0.1",
        "2.8.1", "2.9", "2.9.1", "2.9.1.1", "2.9.2", "2.9.2.1", "3.0", "3.0.1", "3.1", "3.1.1",
        "3.1.10", "3.1.11", "3.1.11.1", "3.1.12", "3.1.12.1", "3.1.12.2", "3.1.12.3", "3.1.13", "3.1.2", "3.1.3",
        "3.1.4", "3.1.5", "3.1.6", "3.1.6.1", "3.1.6.2", "3.1.7", "3.1.8", "3.1.9", "3.2", "3.2.1",
        "3.3", "3.4", "3.5", "3.6", "3.6.1", "3.6.2", "3.6.3", "delete", "list",
        "pandoc-cli-0.1", "pandoc-cli-0.1.1", "pandoc-cli-0.1.1.1", "pandoc-cli-3.1.10", "pandoc-cli-3.1.11",
        "pandoc-cli-3.1.11.1", "pandoc-cli-3.1.12", "pandoc-cli-3.1.12.1", "pandoc-cli-3.1.12.2", "pandoc-cli-3.1.12.3",
        "pandoc-cli-3.1.13", "pandoc-cli-3.2", "pandoc-cli-3.2.1", "pandoc-cli-3.3", "pandoc-cli-3.4",
        "pandoc-cli-3.5", "pandoc-cli-3.6", "pandoc-cli-3.6.1", "pandoc-cli-3.6.2", "pandoc-cli-3.6.3",
        "pandoc-lua-engine-0.1", "pandoc-lua-engine-0.1.1", "pandoc-lua-engine-0.2", "pandoc-lua-engine-0.2.0.1",
        "pandoc-lua-engine-0.2.1", "pandoc-lua-engine-0.2.1.1", "pandoc-lua-engine-0.2.1.2", "pandoc-lua-engine-0.2.1.3",
        "pandoc-lua-engine-0.2.1.4", "pandoc-lua-engine-0.2.1.5", "pandoc-lua-engine-0.3", "pandoc-lua-engine-0.3.1",
        "pandoc-lua-engine-0.3.2", "pandoc-lua-engine-0.3.3", "pandoc-lua-engine-0.4", "pandoc-lua-engine-0.4.1",
        "pandoc-server-0.1", "pandoc-server-0.1.0.1", "pandoc-server-0.1.0.10", "pandoc-server-0.1.0.2",
        "pandoc-server-0.1.0.3", "pandoc-server-0.1.0.4", "pandoc-server-0.1.0.5", "pandoc-server-0.1.0.6",
        "pandoc-server-0.1.0.7", "pandoc-server-0.1.0.8", "pandoc-server-0.1.0.9"
      ],
      "database_specific": {
        "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-51591.json"
      }
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}
  ]
}