A critical XML External Entity (XXE) vulnerability has been discovered in Apache Tika’s PDF parser module, potentially allowing attackers to access sensitive data and compromise internal systems.
The flaw, tracked as CVE-2025-54988, affects a wide range of Apache Tika deployments and has prompted immediate security advisories from the Apache Software Foundation.
https://gbhackers.com/critical-flaw-in- ... df-parser/