Cyber Web Spider Blog – News
500+ Apache Tika Toolkit Instances Vulnerable to Critical XXE Attack Exposed Online

Posted on December 9, 2025 By CWS

Over 565 internet-exposed Apache Tika Server instances are vulnerable to a critical XML External Entity (XXE) injection flaw that could allow attackers to steal sensitive data, launch denial-of-service attacks, or conduct server-side request forgery operations.

The vulnerability, tracked as CVE-2025-66516, affects tika-core versions 1.13.0 through 3.2.1 and carries a maximum CVSS severity score of 10.0.

Apache disclosed the flaw on December 4, 2025, prompting immediate concern among organizations that rely on the popular content analysis toolkit.

Apache Tika processes numerous document formats to extract metadata and text content. The vulnerability allows attackers to perform XXE injection by embedding a malicious XFA file inside a PDF document.

When Tika processes this crafted file, it enables unauthorized access to internal resources.

Field               Value
CVE-ID              CVE-2025-66516
CVSS Score          10.0 (Critical)
Vulnerability Type  XML External Entity (XXE) Injection
Attack Vector       Crafted XFA file inside PDF
Potential Impact    Data exfiltration, DoS, SSRF

Successful exploitation allows remote attackers to read confidential data from vulnerable servers, exhaust system resources to cause service disruptions, or abuse the server to make requests to internal network resources.

This could expose backend systems, databases, or cloud metadata endpoints that should remain protected behind firewalls.

Security research firm Censys identified 565 potentially vulnerable Tika Server instances accessible from the internet as of December 2025.

These exposed systems span multiple countries and represent a significant attack surface for threat actors scanning for unpatched installations.

Organizations running Apache Tika Server should immediately upgrade tika-core to version 3.2.2 or later. Applications that use Tika as a Maven dependency must also update tika-parsers to version 1.28.6 or higher, or tika-pdf-module to version 3.2.2 or higher.
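As an added defender-side check (example code, not from the article or the Apache Tika project), the following Python scans a Maven pom for org.apache.tika dependencies and flags pins below the fixed releases the article names. It applies those version rules literally (tika-core 1.13.0 through 3.2.1 affected; tika-parsers below 1.28.6 and tika-pdf-module below 3.2.2 flagged); the sample pom, the POM namespace constant and the skipping of `${property}` version references are assumptions of this example.

```python
# Checks Maven deps against the fixed releases in the CVE-2025-66516 write-up (constructed helper,
# not Apache Tika code): tika-core 3.2.2+, tika-parsers 1.28.6+, tika-pdf-module 3.2.2+.
import re
import xml.etree.ElementTree as ET

FIXED = {"tika-core": "3.2.2", "tika-parsers": "1.28.6", "tika-pdf-module": "3.2.2"}
AFFECTED_CORE = ("1.13.0", "3.2.1")  # affected tika-core range from the advisory
POM_NS = "{http://maven.apache.org/POM/4.0.0}"  # assumed default POM namespace

def parse_version(v):
    """'3.2.1' or '1.28.6-SNAPSHOT' -> comparable int tuple (qualifier dropped, padded to 3)."""
    m = re.match(r"(\d+(?:\.\d+)*)", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_vulnerable(artifact, version):
    """True when the pinned version is below the fixed release named in the write-up."""
    if artifact not in FIXED:
        return False
    v = parse_version(version)
    if artifact == "tika-core":  # the write-up gives an explicit affected range for tika-core
        lo, hi = (parse_version(x) for x in AFFECTED_CORE)
        return lo <= v <= hi
    return v < parse_version(FIXED[artifact])

def scan_pom(pom_xml):
    """Return [(artifactId, version, vulnerable)] for each org.apache.tika dependency in a pom."""
    root = ET.fromstring(pom_xml)  # ElementTree does not resolve external entities by default
    findings = []
    for dep in root.iter(POM_NS + "dependency"):
        group = dep.findtext(POM_NS + "groupId", "")
        art = dep.findtext(POM_NS + "artifactId", "")
        ver = dep.findtext(POM_NS + "version", "")
        if group == "org.apache.tika" and ver and not ver.startswith("${"):  # skip property refs
            findings.append((art, ver, is_vulnerable(art, ver)))
    return findings

# Constructed sample pom fragment; the versions are chosen to show one fixed and two unfixed pins.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
<dependency><groupId>org.apache.tika</groupId><artifactId>tika-core</artifactId><version>3.2.1</version></dependency>
<dependency><groupId>org.apache.tika</groupId><artifactId>tika-parsers</artifactId><version>1.28.5</version></dependency>
<dependency><groupId>org.apache.tika</groupId><artifactId>tika-pdf-module</artifactId><version>3.2.2</version></dependency>
</dependencies></project>"""

if __name__ == "__main__":
    for art, ver, vuln in scan_pom(SAMPLE_POM):
        print(f"{art} {ver}: {'upgrade to ' + FIXED[art] if vuln else 'ok'}")
```

Versions inherited from a parent pom or a BOM are not resolved here; run it against the effective pom (mvn help:effective-pom) for a complete picture.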

No proof-of-concept exploit code has been publicly released, and no active exploitation had been reported at the time of disclosure.

However, given the critical severity and straightforward attack methodology, security teams should prioritize patching before attackers develop working exploits.
