Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-54988

Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.6%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-54988
  • Apache » Tika » Version: 1.13
    cpe:2.3:a:apache:tika:1.13
  • Apache » Tika » Version: 1.14
    cpe:2.3:a:apache:tika:1.14
  • Apache » Tika » Version: 1.15
    cpe:2.3:a:apache:tika:1.15
  • Apache » Tika » Version: 1.16
    cpe:2.3:a:apache:tika:1.16
  • Apache » Tika » Version: 1.17
    cpe:2.3:a:apache:tika:1.17
  • Apache » Tika » Version: 1.18
    cpe:2.3:a:apache:tika:1.18
  • Apache » Tika » Version: 1.19
    cpe:2.3:a:apache:tika:1.19
  • Apache » Tika » Version: 1.19.1
    cpe:2.3:a:apache:tika:1.19.1
  • Apache » Tika » Version: 1.20
    cpe:2.3:a:apache:tika:1.20
  • Apache » Tika » Version: 1.21
    cpe:2.3:a:apache:tika:1.21
  • Apache » Tika » Version: 1.22
    cpe:2.3:a:apache:tika:1.22
  • Apache » Tika » Version: 1.23
    cpe:2.3:a:apache:tika:1.23
  • Apache » Tika » Version: 1.24
    cpe:2.3:a:apache:tika:1.24
  • Apache » Tika » Version: 1.24.1
    cpe:2.3:a:apache:tika:1.24.1
  • Apache » Tika » Version: 1.25
    cpe:2.3:a:apache:tika:1.25
  • Apache » Tika » Version: 1.26
    cpe:2.3:a:apache:tika:1.26
  • Apache » Tika » Version: 1.27
    cpe:2.3:a:apache:tika:1.27
  • Apache » Tika » Version: 1.28
    cpe:2.3:a:apache:tika:1.28
  • Apache » Tika » Version: 1.28.1
    cpe:2.3:a:apache:tika:1.28.1
  • Apache » Tika » Version: 1.28.2
    cpe:2.3:a:apache:tika:1.28.2
  • Apache » Tika » Version: 1.28.3
    cpe:2.3:a:apache:tika:1.28.3
  • Apache » Tika » Version: 1.28.4
    cpe:2.3:a:apache:tika:1.28.4
  • Apache » Tika » Version: 1.28.5
    cpe:2.3:a:apache:tika:1.28.5
  • Apache » Tika » Version: 2.0.0
    cpe:2.3:a:apache:tika:2.0.0
  • Apache » Tika » Version: 2.1.0
    cpe:2.3:a:apache:tika:2.1.0
  • Apache » Tika » Version: 2.2.0
    cpe:2.3:a:apache:tika:2.2.0
  • Apache » Tika » Version: 2.2.1
    cpe:2.3:a:apache:tika:2.2.1
  • Apache » Tika » Version: 2.3.0
    cpe:2.3:a:apache:tika:2.3.0
  • Apache » Tika » Version: 2.4.0
    cpe:2.3:a:apache:tika:2.4.0
  • Apache » Tika » Version: 2.4.1
    cpe:2.3:a:apache:tika:2.4.1
  • Apache » Tika » Version: 2.5.0
    cpe:2.3:a:apache:tika:2.5.0
  • Apache » Tika » Version: 2.6.0
    cpe:2.3:a:apache:tika:2.6.0
  • Apache » Tika » Version: 2.7.0
    cpe:2.3:a:apache:tika:2.7.0
  • Apache » Tika » Version: 2.8.0
    cpe:2.3:a:apache:tika:2.8.0
  • Apache » Tika » Version: 2.9.0
    cpe:2.3:a:apache:tika:2.9.0
  • Apache » Tika » Version: 2.9.1
    cpe:2.3:a:apache:tika:2.9.1
  • Apache » Tika » Version: 2.9.2
    cpe:2.3:a:apache:tika:2.9.2
  • Apache » Tika » Version: 2.9.3
    cpe:2.3:a:apache:tika:2.9.3
  • Apache » Tika » Version: 2.9.4
    cpe:2.3:a:apache:tika:2.9.4
  • Apache » Tika » Version: 3.0.0
    cpe:2.3:a:apache:tika:3.0.0
  • Apache » Tika » Version: 3.1.0
    cpe:2.3:a:apache:tika:3.1.0
  • Apache » Tika » Version: 3.2.0
    cpe:2.3:a:apache:tika:3.2.0
  • Apache » Tika » Version: 3.2.1
    cpe:2.3:a:apache:tika:3.2.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved