
"According to Apache, a related and more serious bug, registered as CVE-2025-66516, has now been identified in a core component of Tika. The earlier problem was visible through the PDF parser module, but the underlying cause was in the central tika-core component. As a result, users remained vulnerable if they only updated the parser and not the core library. The problem has only been completely resolved as of version 3.2.2 of tika-core."
"The Apache Software Foundation discovered a serious security flaw in Apache Tika, a widely used open source tool for analyzing and extracting metadata from files. The vulnerability has the maximum CVSS score of 10.0 and could enable exploitation if systems are not fully updated. Apache Tika supports more than a thousand file formats and is widely used in search engines, document management systems, and security software."
A critical vulnerability with a CVSS score of 10.0 was discovered in Apache Tika, affecting its core tika-core component. Tika supports over a thousand file formats and is embedded in search engines, document management systems, and security tools. An earlier, lower-severity PDF-parser issue masked a deeper root cause in the central library, leaving systems vulnerable if only parser modules were updated. The flaw is fully fixed in tika-core version 3.2.2. Incomplete advisory details and older module layouts caused update confusion. Administrators must verify deployed Tika components and apply updates to prevent potentially widespread exploitation.
Read at Techzine Global
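One way to carry out the verification the summary calls for, as an added example (not code from Apache or Techzine): it decides per deployment from the tika-core jar alone, since an updated parser module beside an older core is still exposed. The Maven-style jar naming, the deployment names and the file lists are constructed assumptions.

```python
import re

FIXED_CORE = (3, 2, 2)  # tika-core release the page names as fully fixed

# Assumes Maven-style names: <artifact>-<version>[-qualifier].jar
JAR_RE = re.compile(r"^(tika-[a-z0-9-]+?)-(\d+(?:\.\d+)*)([-.][A-Za-z0-9.-]+)?\.jar$")

def parse_jar(path):
    """Return (artifact, version_tuple, qualifier), or None for non-Tika jars."""
    m = JAR_RE.match(path.rsplit("/", 1)[-1])
    if not m:
        return None
    version = tuple(int(p) for p in m.group(2).split("."))
    return m.group(1), version, m.group(3) or ""

def is_fixed(version, qualifier=""):
    """True for >= 3.2.2; a qualified build of 3.2.2 itself (e.g. -SNAPSHOT) is not trusted."""
    padded = (version + (0, 0, 0))[:3]
    if padded == FIXED_CORE and qualifier:
        return False
    return padded >= FIXED_CORE

def verdict(jar_paths):
    """Classify one deployment by its tika-core jar, ignoring module versions."""
    cores, modules = [], []
    for path in jar_paths:
        parsed = parse_jar(path)
        if parsed is None:
            continue
        (cores if parsed[0] == "tika-core" else modules).append(parsed)
    if any(not is_fixed(v, q) for _, v, q in cores):
        return "vulnerable"   # an old core decides, whatever the parser version
    if cores:
        return "fixed"
    # Tika modules without a visible core jar: core may be bundled in another jar.
    return "unknown" if modules else "no-tika"

# Constructed sample inventory (hypothetical deployments and file names).
SAMPLE = {
    "search-indexer": ["lib/tika-core-3.2.1.jar", "lib/tika-parser-pdf-module-3.2.2.jar"],
    "dms": ["lib/tika-core-3.2.2.jar", "lib/tika-parser-pdf-module-3.2.2.jar"],
    "scanner": ["lib/tika-parsers-1.28.5.jar", "lib/commons-io-2.16.1.jar"],
}

if __name__ == "__main__":
    for name, jars in SAMPLE.items():
        print(f"{name}: {verdict(jars)}")
```

An "unknown" result means the file names alone cannot settle the question and the deployment needs manual inspection.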