Description

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

INFO

Published Date :

2026-01-19T15:20:23.702Z

Last Modified :

2026-01-20T15:42:46.352Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68616 vulnerability.

Vendors Products
Kozea
  • Weasyprint
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68616.

URL Resource
https://github.com/Kozea/WeasyPrint/commit/b6a14f0f3f4ce9c0c75c1a2d73cb1c5d43f0e565 cve-icon cve-icon cve-icon
https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-68616 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-68616 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact