malicious-pdf

Apache Tika XXE CVE-2025-54988

Open • oddcb opened this issue 2 months ago • 0 comments

See:

  • https://www.cve.org/CVERecord?id=CVE-2025-54988
  • https://github.com/advisories/GHSA-p72g-pv48-7w9x

Found a PoC here: https://github.com/mgthuramoemyint/POC-CVE-2025-54988

Mitigations for people stuck at Tika 2.x summed up here: https://lists.apache.org/thread/ymw9kkh94kvw0s6plwvjrp577sl1wbp8

oddcb, Oct 02 '25 08:10