Over 565 internet-exposed Apache Tika Server situations are susceptible to a crucial XML Exterior Entity (XXE) injection flaw.
That would allow attackers to steal delicate information, launch denial-of-service assaults, or conduct server-side request forgery operations.
The vulnerability, tracked as CVE-2025-66516, impacts tika-core variations 1.13.0 by 3.2.1 and carries a most CVSS severity rating of 10.0.
Apache disclosed the flaw on December 4, 2025, prompting instant concern amongst organizations that depend on the favored content material evaluation toolkit.
Apache Tika processes numerous doc codecs to extract metadata and textual content content material. The vulnerability permits attackers to use XXE injection by embedding a malicious XFA file inside a PDF doc.
When Tika processes this crafted file, it allows unauthorized entry to inside assets.
FieldValueCVE-IDCVE-2025-66516CVSS Score10.0 (Important)Vulnerability TypeXML Exterior Entity (XXE) InjectionAttack VectorCrafted XFA file inside PDFPotential ImpactData exfiltration, DoS, SSRF
Profitable exploitation permits distant attackers to learn confidential information from susceptible servers. Exhaust system assets to trigger service disruptions, or abuse the server to make requests to inside community assets.
This might expose backend programs, databases, or cloud metadata endpoints that ought to stay protected behind firewalls.
Safety analysis agency Censys recognized 565 probably susceptible Tika Server situations accessible from the web as of December 2025.
These uncovered programs span a number of international locations and signify a major assault floor for risk actors scanning for unpatched installations.
Organizations working Apache Tika Server ought to instantly improve tika-core to model 3.2.2 or later. Purposes that use Tika as a Maven dependency should additionally replace tika-parsers to model 1.28.6 or increased, or tika-pdf-module to model 3.2.2 or increased.
No proof-of-concept exploit code has been publicly launched, and no lively exploitation has been reported on the time of disclosure.
Nonetheless, given the crucial severity and easy assault methodology, safety groups ought to prioritize patching earlier than attackers develop working exploits.
Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to function your tales.
