2 matches found
CVE-2025-66516
Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...
CVE-2025-54988
An XML External Entity injection flaw was found in the Apache Tika tika-parser-pdf-module. This vulnerability allows an attacker to provide a crafted XFA file within a PDF, read sensitive data, or trigger malicious requests to internal resources or third-party servers. Mitigation Mitigation for...