Categories: Cyber Security News

500+ Apache Tika Toolkit Instances Vulnerable to Critical XXE Attack Exposed Online

Some 565 internet-exposed Apache Tika Server instances are vulnerable to a critical XML External Entity (XXE) injection flaw that could let attackers read sensitive files from the server, cause denial of service, or perform server-side request forgery (SSRF) against internal systems.

The vulnerability, tracked as CVE-2025-66516, affects tika-core versions 1.13.0 through 3.2.1 and carries the maximum CVSS score of 10.0 (Critical).

Apache disclosed the flaw on December 4, 2025, prompting immediate concern among organizations that rely on the popular content analysis toolkit.

Apache Tika extracts text and metadata from a wide range of document formats. The flaw is reached through the PDF parser: an attacker embeds a crafted XFA (XML Forms Architecture) form inside a PDF, and the XML of that form carries an external entity declaration.

When Tika parses the PDF, the XML parser resolves that entity, so it reads whatever local file or URL the attacker named with the privileges of the Tika process. An entity declaration only needs a DOCTYPE and one ENTITY line, which is why the attack is considered straightforward.

CVE ID: CVE-2025-66516
CVSS Score: 10.0 (Critical)
Vulnerability Type: XML External Entity (XXE) Injection
Attack Vector: Crafted XFA file embedded in a PDF document
Potential Impact: Data exfiltration, denial of service, SSRF

Successful exploitation lets a remote attacker read files the Tika process can access, exhaust system resources to disrupt service, or use the server as a pivot to make requests to internal network resources.

That last path can expose backend systems, databases, or cloud metadata endpoints that are meant to stay behind the firewall, since the request originates from the Tika host rather than from the attacker.
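As a triage check for PDFs headed into a Tika instance that has not been patched yet, here is an added example that is not code from the article, from Apache, or from Censys. It pulls the stream(s) referenced by a PDF's /XFA entry out of the file, inflates FlateDecode streams, and flags a DOCTYPE or an external (SYSTEM/PUBLIC) entity declaration in the XML. The sample PDF it builds is constructed test input with a harmless file:// entity, and the regex-based object parsing and function names are this example's own assumptions, not Tika's API.

```python
import re
import zlib

# Constructed sample inputs (not real exploit documents): an XFA form carrying
# an external entity declaration, and a benign XFA form for comparison.
MALICIOUS_XFA = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE xdp [ <!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>
<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">
  <template><subform name="f"><field name="x"><value><text>&xxe;</text></value></field></subform></template>
</xdp:xdp>"""

BENIGN_XFA = b"""<?xml version="1.0" encoding="UTF-8"?>
<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/"><template/></xdp:xdp>"""


def build_pdf(xfa: bytes, compress: bool = False) -> bytes:
    """Assemble a skeletal PDF whose /AcroForm has an /XFA entry pointing at a
    stream object. Constructed test input: no xref table, so not renderable,
    but it has the structure the scanner below looks for."""
    body = zlib.compress(xfa) if compress else xfa
    filt = b" /Filter /FlateDecode" if compress else b""
    return (
        b"%PDF-1.7\n"
        b"1 0 obj << /Type /Catalog /AcroForm 2 0 R >> endobj\n"
        b"2 0 obj << /XFA 3 0 R >> endobj\n"
        b"3 0 obj << /Length " + str(len(body)).encode() + filt + b" >>\n"
        b"stream\n" + body + b"\nendstream\nendobj\n"
        b"%%EOF\n"
    )


# Object-level PDF parsing, just enough for triage; this is not a full PDF parser.
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.S)
# /XFA is either one stream reference or an array of (name, stream) pairs.
XFA_REF_RE = re.compile(rb"/XFA\s*(?:\[([^\]]*)\]|(\d+)\s+\d+\s+R)")
OBJREF_RE = re.compile(rb"(\d+)\s+\d+\s+R")
# XML-level indicators: a DOCTYPE has no business in an XFA form, and an
# external (SYSTEM/PUBLIC) entity declaration is the XXE signature itself.
DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.I)
EXT_ENTITY_RE = re.compile(rb"<!ENTITY\s+(?:%\s+)?\S+\s+(?:SYSTEM|PUBLIC)\b", re.I)


def decoded_streams(pdf: bytes) -> dict:
    """Map object number -> stream bytes, inflating FlateDecode streams.
    Other filters are left as-is (uncommon for XFA)."""
    out = {}
    for num, body in OBJ_RE.findall(pdf):
        s = STREAM_RE.search(body)
        if not s:
            continue
        raw = s.group(1)
        if b"/FlateDecode" in body[: s.start()]:
            try:
                raw = zlib.decompress(raw)
            except zlib.error:
                continue  # corrupt stream; nothing to inspect
        out[num] = raw
    return out


def xfa_payloads(pdf: bytes) -> list:
    """Return the XML bytes of every stream referenced from an /XFA entry."""
    streams = decoded_streams(pdf)
    refs = []
    for m in XFA_REF_RE.finditer(pdf):
        refs += OBJREF_RE.findall(m.group(1)) if m.group(1) else [m.group(2)]
    return [streams[r] for r in refs if r in streams]


def scan_pdf(pdf: bytes) -> dict:
    """Flag XFA content that an XXE-vulnerable XML parser would act on."""
    payloads = xfa_payloads(pdf)
    xml = b"".join(payloads)
    return {
        "has_xfa": bool(payloads),
        "has_doctype": DOCTYPE_RE.search(xml) is not None,
        "external_entity": EXT_ENTITY_RE.search(xml) is not None,
    }


def is_suspicious(pdf: bytes) -> bool:
    """Quarantine rule: any DOCTYPE in XFA deserves a look; an external entity is a hard stop."""
    r = scan_pdf(pdf)
    return r["has_doctype"] or r["external_entity"]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, scan_pdf(f.read()))
```

Run it as `python scan_xfa.py upload.pdf` on a quarantine directory. It is a signal, not a substitute for upgrading: objects packed inside object streams (/ObjStm), encrypted PDFs, and filters other than FlateDecode are not handled, so a determined attacker can hide the XFA from this check while Tika still parses it.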

Security research firm Censys identified 565 potentially vulnerable Tika Server instances accessible from the internet as of December 2025.

These exposed systems span multiple countries and represent a significant attack surface for threat actors scanning for unpatched installations.

Organizations running Apache Tika Server should upgrade tika-core to version 3.2.2 or later without delay. Applications that pull Tika in as a Maven dependency must also update the parser artifacts, because the vulnerable code lives in the PDF parser rather than in tika-core alone: tika-parsers to version 1.28.6 or later on the 1.x line, or tika-parser-pdf-module to version 3.2.2 or later on the 2.x/3.x line. Bumping tika-core while leaving an older parser artifact on the classpath leaves the flaw in place.

No proof-of-concept exploit code has been publicly released, and no active exploitation has been reported at the time of disclosure.

However, given the critical severity and straightforward attack method, security teams should prioritize patching before attackers develop working exploits.
