← back
CVE-2025-56590

CVE-2025-56590

CVSS 9.8 CRITICALEPSS 0.5%CWE-78
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a