Addressed Apache Tika vulnerability CVE-2025-66516, a critical XXE (XML External Entity) issue affecting the following modules:
• tika-core versions 1.13–3.2.1
• tika-pdf-module versions 2.0.0–3.2.1
• tika-parsers versions 1.13–1.28.5
This vulnerability affects all platforms and allows an attacker to perform XML External Entity (XXE) injection through a crafted XFA file embedded in a PDF. Upgraded Solr version to 8.11.3.1 in Ambari Infra Solr to resolve this vulnerability.
Was this page helpful?