Lucene search
K

16 matches found

OSV
OSV
added 2026/06/17 2:38 p.m.6 views

ROOT-APP-MAVEN-CVE-2025-66516 CVE-2025-66516 in io.root.org.apache.tika:tika-parser-pdf-module - Patched by Root

Root has patched CVE-2025-66516 in the io.root.org.apache.tika:tika-parser-pdf-module package for Root:Maven. Multiple fixed versions available...

9.8CVSS7.2AI score0.79807EPSS
Exploits5
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/17 5:25 a.m.9 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Tika Core and Parsers (CVE-2025-54988, CVE-2025-66516, CVE-2025-66516)

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Tika Core and Parsers CVE-2025-54988, CVE-2025-66516, CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika...

9.8CVSS5.6AI score0.79807EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 5:7 p.m.8 views

Security Bulletin: Due to use of Apache Tika, IBM Operations Analytics - Log Analysis is affected by XML External Entity (XXE) vulnerability

Summary Apache Tika in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the extraction of text and metadata from uploaded documents so they can be indexed and searched through Solr's ExtractingRequestHandler. CVE-2025-54988, CVE-2025-66516 Vulnerability Details...

9.8CVSS7AI score0.79807EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 4:0 p.m.11 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Tika

Summary Multiple vulnerabilities in Apache Tika that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an...

9.8CVSS7.1AI score0.79807EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/16 12:33 p.m.14 views

Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)

Summary IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...

9.8CVSS5.5AI score0.79807EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/10 10:54 a.m.17 views

Security Bulletin: Due to the use of Apache Tika, IBM webMethods Integration Server is vulnerable to XML External Entity injection (CVE-2025-66516)

Summary IBM webMethods Integration Server uses Apache Tika for Reference Data functionality and vulnerability reported in Apache Tika is addressed. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parser...

9.8CVSS5.5AI score0.79807EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/14 1:43 a.m.12 views

Security Bulletin: IBM i Access Client Solutions is vulnerable to an attacker carrying out an XML External Entity injection via a crafted XFA file inside of a PDF (CVE-2025-66516)

Summary IBM i Access Client Solutions is vulnerable to an attacker carrying out an XML External Entity injection via a crafted XFA file inside of a PDF CVE-2025-66516. Apache Tika is used by the Run SQL Scripts feature of IBM i Access Client Solutions to determine the content type of binary colum...

9.8CVSS7.1AI score0.79807EPSS
Exploits5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.8 views

Atlassian Jira Service Management Data Center and Server < 10.3.15 / 11.0.x < 11.2.1 (JSDSERVER-16477)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16477 advisory. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers...

9.8CVSS7.8AI score0.79807EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2026/01/06 12:0 a.m.6 views

Apache Tika 1.13 < 3.2.2 XXE (CVE-2025-66516)

The version of Apache Tika on the remote host is prior to 3.2.2. It is, therefore, affected by a XXE vulnerability: - Critical XXE in Apache Tika tika-core 1.13-3.2.1 allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same...

9.8CVSS7.8AI score0.79807EPSS
Exploits5References2
Atlassian
Atlassian
added 2025/12/10 2:37 a.m.18 views

XXE (XML External Entity Injection) Tika Dependency in Jira Service Management Data Center and Server

This Jira Service Management release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path...

9.8CVSS7AI score0.79807EPSS
Exploits5
Atlassian
Atlassian
added 2025/12/10 2:30 a.m.21 views

XXE (XML External Entity Injection) Tika Dependency Vulnerability in Crucible Server and Fisheye Server

This Crucible Server and Fisheye Server release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the...

9.8CVSS8.4AI score0.79807EPSS
Exploits5
Atlassian
Atlassian
added 2025/12/10 2:11 a.m.17 views

XXE (XML External Entity Injection) Tika Dependency Vulnerability in Bamboo Data Center and Server

This Bamboo release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for exploitation...

9.8CVSS8.4AI score0.79807EPSS
Exploits5
vulnersOsv
vulnersOsv
added 2025/12/04 6:30 p.m.9 views

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7) +3954 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-core (>=1.13 <=3.2.1)

org.apache.tika:tika-core MAVEN version =1.13, =1.3, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =1.1.0 - ai.konduit.serving:konduit-serving-cli =0.1.0 - ai.konduit.serving:konduit-serving-distro-bom =0.1.0 - ai.platon.pulsar:pulsar-agentic =4.6.0 and...

9.8CVSS7.4AI score0.79807EPSS
Exploits6
OSV
OSV
added 2025/12/04 5:15 p.m.7 views

DEBIAN-CVE-2025-66516

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

9.8CVSS8AI score0.79807EPSS
Exploits5References1
Cvelist
Cvelist
added 2025/12/04 4:17 p.m.23 views

CVE-2025-66516 Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

8.4CVSS0.79807EPSS
Exploits5References2
vulnersOsv
vulnersOsv
added 2025/08/20 9:30 p.m.7 views

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7) +3954 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-core (>=1.13 <=3.2.1)

org.apache.tika:tika-core MAVEN version =1.13, =1.3, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =1.1.0 - ai.konduit.serving:konduit-serving-cli =0.1.0 - ai.konduit.serving:konduit-serving-distro-bom =0.1.0 - ai.platon.pulsar:pulsar-agentic =4.6.0 and...

9.8CVSS7.4AI score0.79807EPSS
Exploits6
Rows per page
Query Builder