16 matches found
ROOT-APP-MAVEN-CVE-2025-66516 CVE-2025-66516 in io.root.org.apache.tika:tika-parser-pdf-module - Patched by Root
Root has patched CVE-2025-66516 in the io.root.org.apache.tika:tika-parser-pdf-module package for Root:Maven. Multiple fixed versions available...
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Tika Core and Parsers (CVE-2025-54988, CVE-2025-66516, CVE-2025-66516)
Summary IBM SPSS Modeler is affected by multiple vulnerabilities in Apache Tika Core and Parsers CVE-2025-54988, CVE-2025-66516, CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika...
Security Bulletin: Due to use of Apache Tika, IBM Operations Analytics - Log Analysis is affected by XML External Entity (XXE) vulnerability
Summary Apache Tika in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the extraction of text and metadata from uploaded documents so they can be indexed and searched through Solr's ExtractingRequestHandler. CVE-2025-54988, CVE-2025-66516 Vulnerability Details...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Tika
Summary Multiple vulnerabilities in Apache Tika that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an...
Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)
Summary IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...
Security Bulletin: Due to the use of Apache Tika, IBM webMethods Integration Server is vulnerable to XML External Entity injection (CVE-2025-66516)
Summary IBM webMethods Integration Server uses Apache Tika for Reference Data functionality and vulnerability reported in Apache Tika is addressed. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parser...
Security Bulletin: IBM i Access Client Solutions is vulnerable to an attacker carrying out an XML External Entity injection via a crafted XFA file inside of a PDF (CVE-2025-66516)
Summary IBM i Access Client Solutions is vulnerable to an attacker carrying out an XML External Entity injection via a crafted XFA file inside of a PDF CVE-2025-66516. Apache Tika is used by the Run SQL Scripts feature of IBM i Access Client Solutions to determine the content type of binary colum...
Atlassian Jira Service Management Data Center and Server < 10.3.15 / 11.0.x < 11.2.1 (JSDSERVER-16477)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16477 advisory. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers...
Apache Tika 1.13 < 3.2.2 XXE (CVE-2025-66516)
The version of Apache Tika on the remote host is prior to 3.2.2. It is, therefore, affected by a XXE vulnerability: - Critical XXE in Apache Tika tika-core 1.13-3.2.1 allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same...
XXE (XML External Entity Injection) Tika Dependency in Jira Service Management Data Center and Server
This Jira Service Management release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path...
XXE (XML External Entity Injection) Tika Dependency Vulnerability in Crucible Server and Fisheye Server
This Crucible Server and Fisheye Server release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the...
XXE (XML External Entity Injection) Tika Dependency Vulnerability in Bamboo Data Center and Server
This Bamboo release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for exploitation...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7) +3954 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-core (>=1.13 <=3.2.1)
org.apache.tika:tika-core MAVEN version =1.13, =1.3, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =1.1.0 - ai.konduit.serving:konduit-serving-cli =0.1.0 - ai.konduit.serving:konduit-serving-distro-bom =0.1.0 - ai.platon.pulsar:pulsar-agentic =4.6.0 and...
DEBIAN-CVE-2025-66516
Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...
CVE-2025-66516 Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected
Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7) +3954 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-core (>=1.13 <=3.2.1)
org.apache.tika:tika-core MAVEN version =1.13, =1.3, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =1.1.0 - ai.konduit.serving:konduit-serving-cli =0.1.0 - ai.konduit.serving:konduit-serving-distro-bom =0.1.0 - ai.platon.pulsar:pulsar-agentic =4.6.0 and...