5 matches found
Atlassian Jira Service Management Data Center and Server < 10.3.15 / 11.0.x < 11.2.1 (JSDSERVER-16477)
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16477 advisory. - Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers...
Exploit for CVE-2025-66516
CVE-2025-66516 / CVE-2025-54988 - Apache Tika XXE Vulnerabilit...
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. "Critical XXE in Apache Tika tika-core 1.13-3.2.1,...
PT-2025-49099
Name of the Vulnerable Software and Affected Versions: tika-core versions 1.13 through 3.2.1; tika-parser-pdf-module versions 2.0.0 through 3.2.1; tika-parsers versions 1.13 through 1.28.5. Description: Apache Tika incorrectly handles XML external entities when parsing XFA (XML Forms Architecture) conte...
GHSA-P72G-PV48-7W9X Apache Tika XXE Vulnerability via Crafted XFA File Inside a PDF
Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...