Apache warns of 10.0-rated flaw in Tika metadata ingestion tool
Infosec in Brief (theregister.co.uk): The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit.
Tika detects and extracts metadata from over 1,000 different file formats. Last August, Apache reported CVE-2025-54988, an 8.4-rated flaw that it warned allows an attacker to carry out XML External Entity (XXE) injection via a crafted XFA file inside a PDF.
Apache fixed that flaw but last Friday announced a related, and worse, problem known as CVE-2025-66516.
As Apache explained, the entry point for CVE-2025-54988 was Tika’s tika-parser-pdf-module, but the vulnerability and its fix were in another piece of code called tika-core. “Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable,” the organization advised.
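The advisory's point is that the fix lives in tika-core, so a build that bumped only the PDF parser module is still exposed. As an added example (not Apache's code), the check below reads `mvn dependency:list` output and flags any tika-core older than 3.2.2, regardless of the tika-parser-pdf-module version; the sample listing is constructed.

```python
import re
from typing import Optional

# Minimum tika-core version named in the Apache advisory for CVE-2025-54988.
FIXED_TIKA_CORE = "3.2.2"

# groupId:artifactId:type:version:scope, as `mvn dependency:list` prints it.
DEP_LINE = re.compile(
    r"org\.apache\.tika:(?P<artifact>[\w-]+):(?:jar|pom|bundle):(?P<version>[^:\s]+)"
)

def version_key(version: str) -> tuple:
    """'3.2.2' or '3.2.2-SNAPSHOT' -> (3, 2, 2); numeric, so 3.10.0 > 3.2.2."""
    return tuple(int(p) for p in version.split("-", 1)[0].split(".") if p.isdigit())

def tika_versions(dependency_listing: str) -> dict:
    """Map each Apache Tika artifact in the listing to its resolved version."""
    found = {}
    for line in dependency_listing.splitlines():
        m = DEP_LINE.search(line)
        if m:
            found[m.group("artifact")] = m.group("version")
    return found

def tika_core_exposed(dependency_listing: str) -> Optional[str]:
    """Return a finding string if tika-core is below the fix, else None.

    The PDF module version is reported but never used to decide: per the
    advisory, the fix lives in tika-core, so only that version matters.
    """
    versions = tika_versions(dependency_listing)
    core = versions.get("tika-core")
    if core is None or version_key(core) >= version_key(FIXED_TIKA_CORE):
        return None
    pdf = versions.get("tika-parser-pdf-module", "absent")
    return (f"tika-core {core} < {FIXED_TIKA_CORE}: CVE-2025-54988 fix missing "
            f"(tika-parser-pdf-module is {pdf}; upgrading it alone is not enough)")

# Constructed sample listing: the PDF module was bumped, tika-core was not.
SAMPLE_LISTING = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.tika:tika-core:jar:3.1.0:compile
[INFO]    org.apache.tika:tika-parser-pdf-module:jar:3.2.2:compile
"""

if __name__ == "__main__":
    print(tika_core_exposed(SAMPLE_LISTING) or "tika-core is at or above the fixed version")
```

Run it against `mvn dependency:list` output piped to a file; a non-empty result means tika-core still needs the upgrade the advisory calls for.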
The org’s new advisory also admits that its original report “failed to mention that in the 1.x Tika releases, the PDFParser was in ...
Copyright of this story solely belongs to theregister.co.uk.