THREAT OPS › Threat News › [NVD] CVE-2025-68616 (HIGH 7.5) — WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` servic
[NVD] CVE-2025-68616 (HIGH 7.5) — WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` servic
CVE-2025-68616 CVSS: 7.5 HIGH Published: 2026-01-19T16:15:53.573
WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer
Indicators of compromise
- CVE-2025-68616cve
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-68616