Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Critical XXE in Apache Tika (CVE-2025-54988)

Summary IBM OpenPages for Cloud Pak for Data is Vulnerable to Apache Tika 1.13 through and including 3.2.1 on all platforms . These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 throu...

XXE (XML External Entity Injection) Tika Dependency in Jira Software Data Center and Server

This Jira Software release includes updates to our Apache Tika dependency in response to CVE-2025-66516. Our security team has assessed that the current scope of this CVE does not present the same critical risk in our products, as our use of the dependency doesn’t support the known path for...

PT-2022-20430 · Apache +3 · Apache Tika +3

Name of the Vulnerable Software and Affected Versions: Apache Tika versions 1.x through 1.28.2 Description: A denial of service issue exists due to a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler, which can lead to backtracking on a specially crafted...