13 matches found
ROOT-APP-MAVEN-CVE-2025-54988 CVE-2025-54988 in io.root.org.apache.tika:tika-parser-pdf-module - Patched by Root
Root has patched CVE-2025-54988 in the io.root.org.apache.tika:tika-parser-pdf-module package for Root:Maven. Multiple fixed versions available...
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Tika Core and Parsers (CVE-2025-54988, CVE-2025-66516, CVE-2025-66516)
Summary IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Tika Core and Parsers CVE-2025-54988, CVE-2025-66516, CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika...
Security Bulletin: Due to use of Apache Tika, IBM Operations Analytics - Log Analysis is affected by XML External Entity (XXE) vulnerability
Summary Apache Tika in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the extraction of text and metadata from uploaded documents so they can be indexed and searched through Solr's ExtractingRequestHandler. CVE-2025-54988, CVE-2025-66516 Vulnerability Details...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Tika
Summary Multiple vulnerabilities in Apache Tika that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an...
Atlassian Confluence 7.19 < 8.5.31 / 8.6.x < 9.2.13 / 9.3.x < 10.2.2 (CONFSERVER-101872)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101872 advisory. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an...
Atlassian Confluence 7.7.x < 8.5.31 / 8.6.x < 9.2.13 / 9.3.1 < 10.2.2 (CONFSERVER-101878)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101878 advisory. - Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry o...
Atlassian Jira Service Management Data Center and Server 10.3.0 < 10.3.13 / 11.0.x < 11.2.0 (JSDSERVER-16478)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16478 advisory. - Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 o...
Exploit for Improper Restriction of XML External Entity Reference in Apache Tika
Apache Tika XXE Vulnerability Tester CVE-2025-54988 A compr...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7) +3954 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-core (>=1.13 <=3.2.1)
org.apache.tika:tika-core MAVEN version =1.13, =1.3, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =1.1.0 - ai.konduit.serving:konduit-serving-cli =0.1.0 - ai.konduit.serving:konduit-serving-distro-bom =0.1.0 - ai.platon.pulsar:pulsar-agentic =4.6.0 and...
[SECURITY] [DLA 4350-1] tika security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4350-1 [email protected] https://www.debian.org/lts/security/ Paride Legovini October 26, 2025 https://wiki.debian.org/LTS -...
Debian dla-4350 : libtika-java - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4350 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4350-1 [email protected] https://www.debian.org/lts/security/...
Elasticsearch 8.18.6, 8.19.3, 9.0.6, and 9.1.3 Security Update (ESA-2025-14) (CVE-2025-54988)
Elasticsearch XML external entity XXE injection in Apache Tika ESA-2025-14 On August 20, 2025, CVE-2025-54988 in Apache Tika PDF parser module was announced, disclosing an XML External Entity injection flaw in the Apache Tika tika-parser-pdf-module. This vulnerability allows an attacker to provid...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7) +3954 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-core (>=1.13 <=3.2.1)
org.apache.tika:tika-core MAVEN version =1.13, =1.3, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =1.1.0 - ai.konduit.serving:konduit-serving-cli =0.1.0 - ai.konduit.serving:konduit-serving-distro-bom =0.1.0 - ai.platon.pulsar:pulsar-agentic =4.6.0 and...