
Found 3 results for "Tika"


🔒 CVE HIGH CVSS: 8.4 • December 04, 2025

CVE-2025-66516

Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways. First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable. Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.

🔒 CVE HIGH CVSS: 8.4 • August 20, 2025

CVE-2025-54988

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.

🔒 CVE MEDIUM CVSS: 4.3 • September 16, 2025

CVE-2025-8276

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Patika Global Technologies HumanSuite allows Cross-Site Scripting (XSS), Phishing. This issue affects HumanSuite: before 53.21.0.