CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.6%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2025-68616

Kozea » Weasyprint » Version: 0.1

cpe:2.3:a:kozea:weasyprint:0.1
Kozea » Weasyprint » Version: 0.10

cpe:2.3:a:kozea:weasyprint:0.10
Kozea » Weasyprint » Version: 0.11

cpe:2.3:a:kozea:weasyprint:0.11
Kozea » Weasyprint » Version: 0.12

cpe:2.3:a:kozea:weasyprint:0.12
Kozea » Weasyprint » Version: 0.13

cpe:2.3:a:kozea:weasyprint:0.13
Kozea » Weasyprint » Version: 0.14

cpe:2.3:a:kozea:weasyprint:0.14
Kozea » Weasyprint » Version: 0.15

cpe:2.3:a:kozea:weasyprint:0.15
Kozea » Weasyprint » Version: 0.16

cpe:2.3:a:kozea:weasyprint:0.16
Kozea » Weasyprint » Version: 0.17

cpe:2.3:a:kozea:weasyprint:0.17
Kozea » Weasyprint » Version: 0.17.1

cpe:2.3:a:kozea:weasyprint:0.17.1
Kozea » Weasyprint » Version: 0.18

cpe:2.3:a:kozea:weasyprint:0.18
Kozea » Weasyprint » Version: 0.19

cpe:2.3:a:kozea:weasyprint:0.19
Kozea » Weasyprint » Version: 0.19.1

cpe:2.3:a:kozea:weasyprint:0.19.1
Kozea » Weasyprint » Version: 0.19.2

cpe:2.3:a:kozea:weasyprint:0.19.2
Kozea » Weasyprint » Version: 0.2

cpe:2.3:a:kozea:weasyprint:0.2
Kozea » Weasyprint » Version: 0.2.1

cpe:2.3:a:kozea:weasyprint:0.2.1
Kozea » Weasyprint » Version: 0.2.2

cpe:2.3:a:kozea:weasyprint:0.2.2
Kozea » Weasyprint » Version: 0.20

cpe:2.3:a:kozea:weasyprint:0.20
Kozea » Weasyprint » Version: 0.20.1

cpe:2.3:a:kozea:weasyprint:0.20.1
Kozea » Weasyprint » Version: 0.20.2

cpe:2.3:a:kozea:weasyprint:0.20.2
Kozea » Weasyprint » Version: 0.21

cpe:2.3:a:kozea:weasyprint:0.21
Kozea » Weasyprint » Version: 0.22

cpe:2.3:a:kozea:weasyprint:0.22
Kozea » Weasyprint » Version: 0.23

cpe:2.3:a:kozea:weasyprint:0.23
Kozea » Weasyprint » Version: 0.24

cpe:2.3:a:kozea:weasyprint:0.24
Kozea » Weasyprint » Version: 0.25

cpe:2.3:a:kozea:weasyprint:0.25
Kozea » Weasyprint » Version: 0.26

cpe:2.3:a:kozea:weasyprint:0.26
Kozea » Weasyprint » Version: 0.27

cpe:2.3:a:kozea:weasyprint:0.27
Kozea » Weasyprint » Version: 0.28

cpe:2.3:a:kozea:weasyprint:0.28
Kozea » Weasyprint » Version: 0.29

cpe:2.3:a:kozea:weasyprint:0.29
Kozea » Weasyprint » Version: 0.3

cpe:2.3:a:kozea:weasyprint:0.3
Kozea » Weasyprint » Version: 0.3.1

cpe:2.3:a:kozea:weasyprint:0.3.1
Kozea » Weasyprint » Version: 0.30

cpe:2.3:a:kozea:weasyprint:0.30
Kozea » Weasyprint » Version: 0.31

cpe:2.3:a:kozea:weasyprint:0.31
Kozea » Weasyprint » Version: 0.32

cpe:2.3:a:kozea:weasyprint:0.32
Kozea » Weasyprint » Version: 0.33

cpe:2.3:a:kozea:weasyprint:0.33
Kozea » Weasyprint » Version: 0.34

cpe:2.3:a:kozea:weasyprint:0.34
Kozea » Weasyprint » Version: 0.35

cpe:2.3:a:kozea:weasyprint:0.35
Kozea » Weasyprint » Version: 0.36

cpe:2.3:a:kozea:weasyprint:0.36
Kozea » Weasyprint » Version: 0.37

cpe:2.3:a:kozea:weasyprint:0.37
Kozea » Weasyprint » Version: 0.38

cpe:2.3:a:kozea:weasyprint:0.38
Kozea » Weasyprint » Version: 0.39

cpe:2.3:a:kozea:weasyprint:0.39
Kozea » Weasyprint » Version: 0.4

cpe:2.3:a:kozea:weasyprint:0.4
Kozea » Weasyprint » Version: 0.40

cpe:2.3:a:kozea:weasyprint:0.40
Kozea » Weasyprint » Version: 0.41

cpe:2.3:a:kozea:weasyprint:0.41
Kozea » Weasyprint » Version: 0.42

cpe:2.3:a:kozea:weasyprint:0.42
Kozea » Weasyprint » Version: 0.42.1

cpe:2.3:a:kozea:weasyprint:0.42.1
Kozea » Weasyprint » Version: 0.42.2

cpe:2.3:a:kozea:weasyprint:0.42.2
Kozea » Weasyprint » Version: 0.42.3

cpe:2.3:a:kozea:weasyprint:0.42.3
Kozea » Weasyprint » Version: 0.5

cpe:2.3:a:kozea:weasyprint:0.5
Kozea » Weasyprint » Version: 0.6

cpe:2.3:a:kozea:weasyprint:0.6
Kozea » Weasyprint » Version: 0.6.1

cpe:2.3:a:kozea:weasyprint:0.6.1
Kozea » Weasyprint » Version: 0.7

cpe:2.3:a:kozea:weasyprint:0.7
Kozea » Weasyprint » Version: 0.7.1

cpe:2.3:a:kozea:weasyprint:0.7.1
Kozea » Weasyprint » Version: 0.8

cpe:2.3:a:kozea:weasyprint:0.8
Kozea » Weasyprint » Version: 0.9

cpe:2.3:a:kozea:weasyprint:0.9
Kozea » Weasyprint » Version: 43

cpe:2.3:a:kozea:weasyprint:43
Kozea » Weasyprint » Version: 44

cpe:2.3:a:kozea:weasyprint:44
Kozea » Weasyprint » Version: 45

cpe:2.3:a:kozea:weasyprint:45
Kozea » Weasyprint » Version: 46

cpe:2.3:a:kozea:weasyprint:46
Kozea » Weasyprint » Version: 47

cpe:2.3:a:kozea:weasyprint:47
Kozea » Weasyprint » Version: 48

cpe:2.3:a:kozea:weasyprint:48
Kozea » Weasyprint » Version: 49

cpe:2.3:a:kozea:weasyprint:49
Kozea » Weasyprint » Version: 50

cpe:2.3:a:kozea:weasyprint:50
Kozea » Weasyprint » Version: 51

cpe:2.3:a:kozea:weasyprint:51
Kozea » Weasyprint » Version: 52

cpe:2.3:a:kozea:weasyprint:52
Kozea » Weasyprint » Version: 52.1

cpe:2.3:a:kozea:weasyprint:52.1
Kozea » Weasyprint » Version: 52.2

cpe:2.3:a:kozea:weasyprint:52.2
Kozea » Weasyprint » Version: 52.3

cpe:2.3:a:kozea:weasyprint:52.3
Kozea » Weasyprint » Version: 52.4

cpe:2.3:a:kozea:weasyprint:52.4
Kozea » Weasyprint » Version: 52.5

cpe:2.3:a:kozea:weasyprint:52.5
Kozea » Weasyprint » Version: 53.0

cpe:2.3:a:kozea:weasyprint:53.0
Kozea » Weasyprint » Version: 53.1

cpe:2.3:a:kozea:weasyprint:53.1
Kozea » Weasyprint » Version: 53.2

cpe:2.3:a:kozea:weasyprint:53.2
Kozea » Weasyprint » Version: 53.3

cpe:2.3:a:kozea:weasyprint:53.3
Kozea » Weasyprint » Version: 53.4

cpe:2.3:a:kozea:weasyprint:53.4
Kozea » Weasyprint » Version: 54.0

cpe:2.3:a:kozea:weasyprint:54.0
Kozea » Weasyprint » Version: 54.1

cpe:2.3:a:kozea:weasyprint:54.1
Kozea » Weasyprint » Version: 54.2

cpe:2.3:a:kozea:weasyprint:54.2
Kozea » Weasyprint » Version: 54.3

cpe:2.3:a:kozea:weasyprint:54.3
Kozea » Weasyprint » Version: 55.0

cpe:2.3:a:kozea:weasyprint:55.0
Kozea » Weasyprint » Version: 56.0

cpe:2.3:a:kozea:weasyprint:56.0
Kozea » Weasyprint » Version: 56.1

cpe:2.3:a:kozea:weasyprint:56.1
Kozea » Weasyprint » Version: 57.0

cpe:2.3:a:kozea:weasyprint:57.0
Kozea » Weasyprint » Version: 57.1

cpe:2.3:a:kozea:weasyprint:57.1
Kozea » Weasyprint » Version: 57.2

cpe:2.3:a:kozea:weasyprint:57.2
Kozea » Weasyprint » Version: 58.0

cpe:2.3:a:kozea:weasyprint:58.0
Kozea » Weasyprint » Version: 58.1

cpe:2.3:a:kozea:weasyprint:58.1
Kozea » Weasyprint » Version: 59.0

cpe:2.3:a:kozea:weasyprint:59.0
Kozea » Weasyprint » Version: 60.0

cpe:2.3:a:kozea:weasyprint:60.0
Kozea » Weasyprint » Version: 60.1

cpe:2.3:a:kozea:weasyprint:60.1
Kozea » Weasyprint » Version: 60.2

cpe:2.3:a:kozea:weasyprint:60.2
Kozea » Weasyprint » Version: 61.0

cpe:2.3:a:kozea:weasyprint:61.0
Kozea » Weasyprint » Version: 61.1

cpe:2.3:a:kozea:weasyprint:61.1
Kozea » Weasyprint » Version: 61.2

cpe:2.3:a:kozea:weasyprint:61.2
Kozea » Weasyprint » Version: 62.0

cpe:2.3:a:kozea:weasyprint:62.0
Kozea » Weasyprint » Version: 62.1

cpe:2.3:a:kozea:weasyprint:62.1
Kozea » Weasyprint » Version: 62.2

cpe:2.3:a:kozea:weasyprint:62.2
Kozea » Weasyprint » Version: 62.3

cpe:2.3:a:kozea:weasyprint:62.3
Kozea » Weasyprint » Version: 63.0

cpe:2.3:a:kozea:weasyprint:63.0
Kozea » Weasyprint » Version: 63.1

cpe:2.3:a:kozea:weasyprint:63.1
Kozea » Weasyprint » Version: 64.0

cpe:2.3:a:kozea:weasyprint:64.0
Kozea » Weasyprint » Version: 64.1

cpe:2.3:a:kozea:weasyprint:64.1
Kozea » Weasyprint » Version: 65.0

cpe:2.3:a:kozea:weasyprint:65.0
Kozea » Weasyprint » Version: 65.1

cpe:2.3:a:kozea:weasyprint:65.1
Kozea » Weasyprint » Version: 66.0

cpe:2.3:a:kozea:weasyprint:66.0
Kozea » Weasyprint » Version: 67.0

cpe:2.3:a:kozea:weasyprint:67.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-68616

Products

Pricing

Contact Us