Information securityfromInfoWorld5 days agoApache Tika hit by critical vulnerability thought to be patched months agoApache Tika tika-core 1.13–3.2.1, tika-parsers 1.13–1.28.5, and legacy parsers 1.13–1.28.5 are vulnerable to XXE injection.
fromTechzine Global5 days agoInformation securityApache warns of critical vulnerability in Tika toolkitA critical CVE-2025-66516 vulnerability in tika-core (CVSS 10.0) requires upgrading to tika-core 3.2.2 to fully mitigate exploitation risks.
fromTheregister6 days agoInformation securityApache warns of 10.0-rated flaw in Tika metadata toolkitA critical Apache Tika vulnerability and rising multi‑terabit DDoS attacks are forcing urgent upgrades and massive defensive capacity expansion.
fromTechzine Global5 days agoInformation securityApache warns of critical vulnerability in Tika toolkit
fromTheregister6 days agoInformation securityApache warns of 10.0-rated flaw in Tika metadata toolkit
Information securityfromThe Hacker News1 week agoCritical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent PatchApache Tika contains a critical XXE vulnerability (CVE-2025-66516) rated 10.0 that enables XML External Entity injection via crafted XFA files in PDFs.
