
"As Apache explained, the entry point for CVE-2025-54988 was Tika's tika-parser-pdf-module, but the vulnerability and its fix were in another piece of code called tika-core. "Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable," the organization advised. The org's new advisory also admits that its original report "failed to mention that in the 1.x Tika releases, the PDFParser was in the org.apache.tika:tika-parsers module." Tika's developers have tidied things up in recent releases, and now users get to revisit this mess too."
""Since Sep'25, we have seen a new kind of DDoS coming from US and South America (Brazil, Chile, Argentina, Mexico, Colombia)," OVH CEO Octave Klaba reported last week. "The size is around 15-16Tbps coming through Miami, FL, Dallas, TX and Los Angeles, CA." OVH is adding the extra DDOS protection capacity to deal with the threat. Klaba said OVH aims to deploy 100Tbps of DDOS-deflectors, ASAP, to defend its operations."
Apache Tika, which detects and extracts metadata from over 1,000 file formats, contains a newly disclosed vulnerability tracked as CVE-2025-66516 that reached a 10.0 severity rating. A prior fix for CVE-2025-54988 in the tika-parser-pdf-module left users exposed if tika-core was not upgraded to >= 3.2.2 because the underlying code lived in tika-core. OVH reports a new wave of large DDoS attacks originating from the US and South America, around 15–16 Tbps via Miami, Dallas and Los Angeles, and plans rapid capacity additions targeting 100 Tbps. Legislation to establish cyber deterrence and response has also resurfaced.
Read at Theregister
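The Tika point above comes down to a dependency check: tika-core must be >= 3.2.2 regardless of the tika-parser-pdf-module version, and 1.x builds carry PDFParser in org.apache.tika:tika-parsers. The following sketch is an added example, not code from the article or from Apache; it assumes input in the `mvn dependency:list` coordinate format, the function names are hypothetical, and the sample lines are constructed.

```python
import re

FIXED_CORE = (3, 2, 2)  # per the advisory quoted above: tika-core >= 3.2.2

# Constructed `mvn dependency:list` excerpts (not taken from any real project).
SAMPLE_3X = """\
[INFO]    org.apache.tika:tika-parser-pdf-module:jar:3.2.2:compile
[INFO]    org.apache.tika:tika-core:jar:3.2.1:compile
"""
SAMPLE_1X = """\
[INFO]    org.apache.tika:tika-parsers:jar:1.28.5:compile
[INFO]    org.apache.tika:tika-core:jar:1.28.5:compile
"""

def parse_tika_deps(text):
    """Map artifactId -> version for org.apache.tika coordinates."""
    deps = {}
    for line in text.splitlines():
        # group:artifact:type[:classifier]:version:scope
        parts = line.replace("[INFO]", "").strip().split(":")
        if len(parts) >= 5 and parts[0] == "org.apache.tika":
            deps[parts[1]] = parts[-2]
    return deps

def version_tuple(version):
    """Leading numeric part of a version as a 3-tuple, or None."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    return tuple(int(x or 0) for x in m.groups()) if m else None

def audit(text):
    deps = parse_tika_deps(text)
    findings = []
    core = deps.get("tika-core")
    if core is not None:
        vt = version_tuple(core)
        if vt is None or vt < FIXED_CORE:
            note = f"tika-core {core} is not >= 3.2.2"
            pdf = deps.get("tika-parser-pdf-module")
            if pdf:
                note += f"; upgrading tika-parser-pdf-module ({pdf}) alone is not enough"
            findings.append(note)
    legacy = deps.get("tika-parsers")
    if legacy and legacy.startswith("1."):
        findings.append(f"tika-parsers {legacy}: PDFParser ships in this module in 1.x")
    return findings

if __name__ == "__main__":
    for name, sample in (("3.x", SAMPLE_3X), ("1.x", SAMPLE_1X)):
        print(name, audit(sample))
```

The page gives no fixed version for the 1.x line, so the tika-parsers finding only marks the module for review against the advisory.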