ROOT-APP-MAVEN-CVE-2025-66516 CVE-2025-66516 in io.root.org.apache.tika:tika-parser-pdf-module - Patched by Root

Root has patched CVE-2025-66516 in the io.root.org.apache.tika:tika-parser-pdf-module package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-54988 CVE-2025-54988 in io.root.org.apache.tika:tika-parser-pdf-module - Patched by Root

Root has patched CVE-2025-54988 in the io.root.org.apache.tika:tika-parser-pdf-module package for Root:Maven. Multiple fixed versions available...

XML External Entity (XXE) Injection

Apache Tika is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of XFA content in PDFs within the tika-parser-pdf-module, where crafted XFA files can trigger XXE, allowing attackers to read sensitive files or make malicious internal or external reques...

UBUNTU-CVE-2025-66516

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

EUVD-2025-201189

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVE-2025-54988

An XML External Entity injection flaw was found in the Apache Tika tika-parser-pdf-module. This vulnerability allows an attacker to provide a crafted XFA file within a PDF, read sensitive data, or trigger malicious requests to internal resources or third-party servers. Mitigation Mitigation for...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +304 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parser-pdf-module (>=2.0.0 <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988, CVE-2025-66516 Source advisory: SNYK:JAVA-ORGAPACHETIKA-12238980...

CVE-2025-54988

This CVE-2025-54988 vulnerability is an XXE in Apache Tika affecting tika-core/tika-pdf-module/tika-parsers, allowing XML External Entity injection via a crafted XFA PDF. The NVD entry covers Apache Tika 1.13–3.2.1 with a fix in 3.2.2; UAs may read sensitive data or trigger internal requests. Sev...

CVE-2025-54988 Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

CVE-2020-9489

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade ...