VYPR

Maven package

org.apache.tika/tika-parser-pdf-module

pkg:maven/org.apache.tika/tika-parser-pdf-module

Vulnerabilities (2)

  • CVE-2025-66516Dec 4, 2025
    affected >= 2.0.0, < 3.2.2fixed 3.2.2

    Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability

  • CVE-2025-54988Aug 20, 2025
    affected >= 1.13, < 3.2.2fixed 3.2.2

    Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger ma