CVE‑2025‑66516: Critical XXE in Apache Tika (CVSS 10.0)

A maximum‑severity XML External Entity (XXE) injection flaw has been disclosed in Apache Tika, tracked as CVE‑2025‑66516. The vulnerability affects multiple modules and can be exploited via crafted XFA files inside PDFs, enabling attackers to read arbitrary files, exfiltrate sensitive data, or even achieve remote code execution.

Affected Components

• tika-core
  • Versions: >= 1.13, <= 3.2.1
  • Patched in 3.2.2
• tika-parser-pdf-module
  • Versions: >= 2.0.0, <= 3.2.1
  • Patched in 3.2.2
• tika-parsers
  • Versions: >= 1.13, < 2.0.0
  • Patched in 2.0.0

Why It’s Critical

• XXE injection allows attackers to manipulate XML parsing to:
  • Access local files on the server.
  • Perform SSRF (server-side request forgery).
  • Potentially escalate to remote code execution.
• CVSS 10.0 rating reflects the ease of exploitation and severe impact.
• Expands scope beyond CVE‑2025‑54988 (CVSS 8.4), which was patched in August 2025.
  • That flaw was reported in the PDF parser module, but the root issue was in tika-core.
  • Users who patched only the parser module remain vulnerable unless tika-core is updated to 3.2.2.

Immediate Actions

1. Upgrade immediately:
   • tika-core → 3.2.2
   • tika-parser-pdf-module → 3.2.2
   • tika-parsers → 2.0.0
2. Audit dependencies:
   • Check Maven builds and lockfiles for vulnerable versions.
   • Ensure both core and parser modules are patched — partial upgrades leave systems exposed.
3. Mitigation if patching delayed:
   • Restrict processing of untrusted PDFs.
   • Disable XFA parsing if possible.
   • Apply strict input validation and sandboxing for document ingestion workflows.
4. Detection & monitoring:
   • Look for suspicious PDF uploads containing XFA forms.
   • Monitor for abnormal file access or outbound requests from Tika services.

Final Thought

This flaw is a textbook supply‑chain risk: many applications embed Apache Tika for content extraction, meaning vulnerable versions may be buried deep in enterprise workflows. Because exploitation requires only a crafted PDF, attackers can weaponize this quickly. Patch both core and parser modules together to close the gap.