Home > Vulnerability Database > CVE-2025-68616

Mend.io Vulnerability Database

CVE-2025-68616

Good to know:

Date: January 19, 2026

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's "default_url_fetcher". The vulnerability allows attackers to access internal network resources (such as "localhost" services or cloud metadata endpoints) even when a developer has implemented a custom "url_fetcher" to block such access. This occurs because the underlying "urllib" library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-68616

Url: https://github.com/Kozea/WeasyPrint/commit/b6a14f0f3f4ce9c0c75c1a2d73cb1c5d43f0e565

Url: https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv

Url: https://github.com/Kozea/WeasyPrint

Url: https://www.mend.io/vulnerability-database/CVE-2025-68616

Severity Score

7.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version weasyprint - 68.0;https://github.com/Kozea/WeasyPrint.git - v68.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-68616

Good to know:

Date: January 19, 2026

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?