CVE-2025-56590CRITICAL 9.8EPSS p39.1%

CVE-2025-56590CVE-2025-56590

Description

An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.51% probability of exploitation · percentile 39.1% · 2026-06-19T12:03:05Z
Published2026-01-22
Last modified2026-02-12

Underlying weaknesses· 1

CWE-78

References

  1. http://apryse.com
  2. https://www.stratascale.com/resource/apryse-server-argument-injection-rce/

1

TypeTargetConfidenceTier
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-780%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-36576
CVE
CVE-2025-65875
CVE
CVE-2025-6542
CVE
CVE-2025-12556
CVE
CVE-2025-57790
CVE
CVE-2025-55055
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.