Apache Tika CVE-2025-54988 (XXE in PDF Parser)
A critical XML External Entity (XXE) vulnerability, CVE-2025-54988, affects the PDF parser module of Apache Tika in versions 1.13 through 3.2.1. The flaw is in how the parser handles XFA (XML Forms Architecture) form data embedded in a PDF: a crafted XFA payload that declares external entities is resolved by the XML parser, so an attacker who can get a PDF into an ingestion pipeline can read files accessible to the parsing process or make the parser issue outbound requests to attacker-chosen hosts (SSRF). Because Tika is widely embedded and redistributed (tika-parsers-standard-modules, tika-app, tika-grpc, tika-server-standard), the exposure extends to every downstream product and service that bundles the PDF module. Upgrading to Apache Tika 3.2.2 remediates the issue. Fortinet lists affected FortiDLP versions and recommends patching or migrating to fixed releases. Organizations that parse untrusted documents, in particular PDF ingestion pipelines and data extraction services, face elevated risk of exfiltration of files and metadata from the parser host and of pivoting to internal systems through the parser's SSRF vector.
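The vector described above is an XML payload inside a PDF, which means the suspicious content is visible before any PDF parser runs. The following added example (written for this page; it is not code from Apache Tika or Fortinet) is a raw-byte triage check a practitioner can put in front of an ingestion queue: it walks the PDF's stream objects, inflates FlateDecode streams, and reports whether the file declares an XFA form and whether any stream carries a DOCTYPE or external entity declaration. The sample PDFs are constructed fixtures, not captured attack files; the function and constant names are this example's own. It is a quarantine heuristic only (objects packed into compressed object streams or encrypted files will evade a byte scan), not a substitute for upgrading to 3.2.2.

```python
"""Triage check for CVE-2025-54988-style payloads: XFA streams in a PDF that carry
DOCTYPE or external-entity declarations. Added example, not Apache Tika or Fortinet
code; a pre-parser quarantine heuristic, not a replacement for upgrading Tika to 3.2.2."""
import re
import zlib

# A stream object: its dictionary (never crossing an 'endobj'), then the 'stream' keyword.
STREAM_RE = re.compile(rb"<<((?:(?!endobj).)*?)>>\s*stream\r?\n", re.DOTALL)
# Direct /Length values only; indirect references such as '/Length 5 0 R' are skipped.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")
# XDP form templates never need a DTD, so any DOCTYPE is suspicious; external entity
# declarations (general or parameter) are the classic XXE file-read / SSRF primitive.
XXE_RE = re.compile(
    rb"<!DOCTYPE\b[^>\[]*(?:\[|SYSTEM|PUBLIC)"
    rb"|<!ENTITY\s+%?\s*\S+\s+(?:SYSTEM|PUBLIC)\b",
    re.IGNORECASE,
)


def decoded_streams(pdf: bytes):
    """Yield the payload of every stream object, inflating FlateDecode streams."""
    for m in STREAM_RE.finditer(pdf):
        dict_bytes, start = m.group(1), m.end()
        length = LENGTH_RE.search(dict_bytes)
        end = start + int(length.group(1)) if length else pdf.find(b"endstream", start)
        if end < start:
            continue
        data = pdf[start:end]
        if b"/FlateDecode" in dict_bytes:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                continue  # corrupt or multi-filter stream: leave it to the sandboxed parser
        yield data


def scan_pdf_for_xfa_xxe(pdf: bytes) -> dict:
    """Report whether the PDF declares an XFA form and which XXE markers its streams contain."""
    markers = []
    for data in decoded_streams(pdf):
        markers.extend(m.group(0).decode("latin-1") for m in XXE_RE.finditer(data))
    return {"has_xfa": b"/XFA" in pdf, "xxe_markers": markers}


# Constructed sample XFA packets (not captured from a real attack).
XFA_XXE_XML = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE xdp:xdp [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>\n'
    b'<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">&xxe;</xdp:xdp>'
)
XFA_BENIGN_XML = (
    b'<?xml version="1.0"?>\n'
    b'<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/"><config/></xdp:xdp>'
)


def build_pdf(xfa_xml: bytes, compress: bool = True) -> bytes:
    """Minimal PDF whose AcroForm points at one XFA stream (constructed test fixture)."""
    data = zlib.compress(xfa_xml) if compress else xfa_xml
    filt = b"/Filter /FlateDecode " if compress else b""
    return b"".join([
        b"%PDF-1.7\n",
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /AcroForm << /XFA 4 0 R >> >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n",
        b"4 0 obj\n<< " + filt + b"/Length " + str(len(data)).encode() + b" >>\nstream\n",
        data,
        b"\nendstream\nendobj\n",
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    print(scan_pdf_for_xfa_xxe(build_pdf(XFA_XXE_XML)))                   # flagged
    print(scan_pdf_for_xfa_xxe(build_pdf(XFA_BENIGN_XML, compress=False)))  # clean
```

A file that reports `has_xfa` with any `xxe_markers` should be quarantined rather than parsed; a file with XFA and no markers still deserves the sandboxed, egress-restricted parsing path, since the check reads only what is visible in uncompressed or FlateDecode streams.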
CORTEX Protocol Intelligence Assessment
Business Impact: Document ingestion and e-discovery workflows risk data exposure and internal SSRF impacts.
Technical Context: XXE via XFA in PDF; impacts multiple Tika packages; fixed in 3.2.2; FortiDLP versions listed as affected.
Strategic Intelligence Guidance
- Upgrade Apache Tika to 3.2.2 in every consuming service, including products that bundle it (FortiDLP per Fortinet's advisory), and rebuild container images so the old jars are not left behind.
- Parse untrusted PDFs in a sandboxed worker that holds no secrets or credentials on its filesystem; skip XFA/form extraction where the pipeline does not need form data.
- Restrict egress from parser hosts to the destinations they legitimately need, and alert on any other outbound connection from the parsing tier, which is the observable side effect of an XXE SSRF attempt.
- Scan SBOMs for embedded Tika artifacts, including transitive dependencies, to locate every copy of the PDF module in the affected 1.13 through 3.2.1 range.
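The SBOM check in the last item is mechanical once the affected artifacts and version range are known. The following added example (written for this page; not tooling from Apache Tika or Fortinet) walks a CycloneDX JSON SBOM, including nested components, and flags Apache Tika artifacts whose version falls in 1.13 through 3.2.1, while treating a missing or unparsable version as something to review by hand rather than silently pass. The artifact set is the one named on the page plus tika-parser-pdf-module, the module in which the XFA code lives; the sample SBOM is constructed for the example, and the function names are this example's own.

```python
"""Locate Apache Tika artifacts in the CVE-2025-54988 affected range inside a CycloneDX
JSON SBOM. Added example, not tooling from Apache Tika or Fortinet."""
import json
import re

# From the advisory: 1.13 through 3.2.1 are affected; 3.2.2 is the first fixed release.
FIRST_AFFECTED = (1, 13)
FIRST_FIXED = (3, 2, 2)
TIKA_GROUP = "org.apache.tika"
# Packages named on the page plus the PDF module itself, where the XFA parsing code lives.
AFFECTED_ARTIFACTS = {
    "tika-parser-pdf-module",
    "tika-parsers-standard-modules",
    "tika-parsers-standard-package",
    "tika-app",
    "tika-grpc",
    "tika-server-standard",
}


def parse_version(version: str) -> tuple:
    """'3.2.1' -> (3, 2, 1); trailing qualifiers like '-SNAPSHOT' are dropped."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparsable version: {version!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def is_affected(version: str) -> bool:
    """True when FIRST_AFFECTED <= version < FIRST_FIXED (tuple comparison)."""
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED


def iter_components(node: dict):
    """Yield every component, descending into CycloneDX nested 'components' arrays."""
    for component in node.get("components", []):
        yield component
        yield from iter_components(component)


def find_affected_tika(sbom: dict) -> list:
    """Sorted (name, version) pairs for Tika artifacts that are affected or unverifiable."""
    findings = []
    for c in iter_components(sbom):
        if c.get("group") != TIKA_GROUP or c.get("name") not in AFFECTED_ARTIFACTS:
            continue
        version = c.get("version", "")
        try:
            if is_affected(version):
                findings.append((c["name"], version))
        except ValueError:
            # No usable version: flag for manual review instead of assuming it is fixed.
            findings.append((c["name"], version or "<missing>"))
    return sorted(findings)


# Constructed CycloneDX fragment for the example (not a real service's SBOM).
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "group": "org.apache.tika", "name": "tika-core", "version": "3.1.0"},
    {"type": "library", "group": "org.apache.tika", "name": "tika-app", "version": "3.1.0"},
    {"type": "library", "group": "org.apache.tika", "name": "tika-server-standard", "version": "3.2.2"},
    {"type": "library", "group": "org.apache.pdfbox", "name": "pdfbox", "version": "3.0.5"},
    {"type": "library", "group": "org.apache.tika", "name": "tika-parsers-standard-package", "version": "1.28.5"},
    {"type": "application", "name": "ingest-service", "version": "2025.10",
     "components": [
       {"type": "library", "group": "org.apache.tika", "name": "tika-grpc", "version": "3.2.1"},
       {"type": "library", "group": "org.apache.tika", "name": "tika-parser-pdf-module"}
     ]}
  ]
}
"""
SAMPLE_SBOM = json.loads(SAMPLE_SBOM_JSON)

if __name__ == "__main__":
    for name, version in find_affected_tika(SAMPLE_SBOM):
        print(f"REVIEW {TIKA_GROUP}:{name}:{version}")
```

Run against real SBOMs, the output is the list of services to rebuild on 3.2.2; tika-core is deliberately not flagged because the vulnerable code is in the PDF module and the packages that bundle it, not in the core API jar.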
Intelligence Source: Apache Tika CVE-2025-54988 | Oct 15, 2025