URL has been copied successfully!
Maximum-severity XXE vulnerability discovered in Apache Tika
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Maximum-severity XXE vulnerability discovered in Apache Tika


Tags: , , , , ,

A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it lets attackers trigger an XXE injection in Apache Tika’s core, PDF, and parser modules. An attacker can embed a malicious XFA file inside a PDF and […]

First seen on securityaffairs.com

Jump to article: securityaffairs.com/185363/security/maximum-severity-xxe-vulnerability-discovered-in-apache-tika.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
  2. Tomcat PUT to active abuse as Apache deals with critical RCE flaw
  3. April Patch Tuesday news: Windows zero day being exploited, ‘big vulnerability’ in 2 SAP apps
  4. Patch Tuesday for May: Five zero day vulnerabilities CISOs should focus on