CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA

Threat Score:

OSS Security

20 hours ago

Part of cluster #2095

Overview

oss-secmailing list archives CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA Current thread: CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFATim Allison (Aug 20) CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFATim Allison (Aug 20) CVE-2025-54988: Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFATim Allison (Aug 20)...

Continue Reading on Original Site

5 articles

Telecom Firm Colt Confirms Data Breach as Ransomware Group Auctions Files

Feedburner • 1 hour ago

Colt Technology Services is working on restoring systems disrupted by a ransomware attack that involved data theft.

Score

Apple Patches Zero-Day Exploited in Targeted Attacks

SecurityWeek • 7 hours ago

Apple has rolled out iOS and macOS updates that resolve a zero-day vulnerability exploited in highly targeted attacks.

Score

FBI Warns Russian State Hackers Targeting Critical Infrastructure Networking Devices

GB Hackers • 3 hours ago

FBI Warns Russian State Hackers Targeting Critical Infrastructure Networking Devices The Federal Bureau of Investigation (FBI) has issued a stark warning to the public, private sector, and international partners regarding persistent cyber threats from actors affiliated with the Russian Federal Security Service’s (FSB) Center 16. This unit, recognized in cybersecurity circles under monikers such as “Berserk Bear” and “Dragonfly,” has been actively exploiting vulnerabilities in network infrastruct

Score

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Brighttalk • 1 hour ago

Presented by Jitin Shabadu, Forrester Analyst | Jayce Nichols, Director, Intelligence Solutions, Google Threat Intelligence Group

Score

FBI Warns of Russian Government Hackers Attacking Networking Devices of Critical Infrastructure

Cybersecurity News • 4 hours ago

The Federal Bureau of Investigation has issued a critical security alert regarding sophisticated cyber operations conducted by Russian Federal Security Service (FSB) Center 16, targeting networking infrastructure across the United States and globally. The threat actors have been exploiting vulnerable networking devices to gain unauthorized access to critical infrastructure systems, demonstrating a calculated approach to […]

Score

CVES

CVE-2025-54988

VULNERABILITIES

XML External Entity (XXE)

XML External Entity Injection

XXE

PLATFORMS

Apache

Apache Tika

ATTACK TYPES

Code Execution

Data Exfiltration

XML External Entity Injection

XXE

MITRE ATT&CK

T1021.001

T1033

T1046

T1068

T1069

COMPANIES

Apache Software Foundation

INDUSTRIES

Document Processing

IT Services

Information Technology

Software Development

ARTICLE INFORMATION

Article #12775

Published 20 hours ago

OSS Security

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Save to Folder

Article Intelligence

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Overview

Related Articles

Telecom Firm Colt Confirms Data Breach as Ransomware Group Auctions Files

Apple Patches Zero-Day Exploited in Targeted Attacks

FBI Warns Russian State Hackers Targeting Critical Infrastructure Networking Devices

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

FBI Warns of Russian Government Hackers Attacking Networking Devices of Critical Infrastructure

Save to Folder

Article Intelligence

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies