


Perceptive Security
SOC/SIEM Consultancy

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
Published:
5 December 2025 at 16:23:00
Alert date:
5 December 2025 at 18:01:16
Source:
thehackernews.com

A critical XML external entity (XXE) injection vulnerability, CVE-2025-66516, has been discovered in Apache Tika and carries the maximum CVSS score of 10.0. The flaw affects multiple Apache Tika modules on all platforms: tika-core (versions 1.13 through 3.2.1), tika-pdf-module (versions 2.0.0 through 3.2.1), and tika-parsers (versions 1.13 through 1.28.5). Given the critical severity rating and the potential for XXE attacks, this vulnerability requires urgent patching.
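To find out whether a build is exposed, the affected ranges above can be checked against a project's resolved dependencies. The script below is an added example, not code from Apache Tika or from the original alert; it assumes input in the `groupId:artifactId:type:version:scope` form printed by `mvn dependency:tree` (no classifier field), and the sample tree is constructed.

```python
import re

# Affected ranges (inclusive), exactly as stated in the alert text.
AFFECTED = {
    "tika-core": ("1.13", "3.2.1"),
    "tika-pdf-module": ("2.0.0", "3.2.1"),
    "tika-parsers": ("1.13", "1.28.5"),
}

# Assumption: coordinates look like groupId:artifactId:type:version[:scope].
COORD = re.compile(r"org\.apache\.tika:(tika-[a-z0-9-]+):[a-z0-9-]+:([^:\s]+)")


def version_key(text):
    """Turn '1.28.5' or '2.0.0-BETA' into a comparable 3-tuple of ints.
    Qualifiers are dropped, so a pre-release is treated like its release."""
    nums = []
    for part in re.split(r"[.-]", text):
        if not part.isdigit():
            break
        nums.append(int(part))
    return tuple((nums + [0, 0, 0])[:3])


def is_affected(artifact, version):
    bounds = AFFECTED.get(artifact)
    if bounds is None:
        return False
    low, high = bounds
    return version_key(low) <= version_key(version) <= version_key(high)


def scan(lines):
    """Return (artifact, version) pairs that fall inside an affected range."""
    findings = []
    for line in lines:
        match = COORD.search(line)
        if match and is_affected(match.group(1), match.group(2)):
            findings.append((match.group(1), match.group(2)))
    return findings


# Constructed sample of dependency-tree output; 99.0.0 is a placeholder version.
SAMPLE_TREE = """\
[INFO] com.example:doc-ingest:jar:1.0.0
[INFO] +- org.apache.tika:tika-core:jar:3.2.1:compile
[INFO] +- org.apache.tika:tika-parsers:jar:1.28.5:compile
[INFO] +- org.apache.tika:tika-pdf-module:jar:99.0.0:compile
[INFO] +- org.apache.tika:tika-core:jar:1.12:test
"""

if __name__ == "__main__":
    for artifact, version in scan(SAMPLE_TREE.splitlines()):
        print(f"AFFECTED by CVE-2025-66516: {artifact} {version}")
```

Transitive copies matter as much as direct ones, so run it over the full resolved tree rather than the declared dependencies only.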
Affected products:
Apache Tika
This article was created with the assistance of AI technology by Perceptive.