CNNVD-202508-2251 Information

CNNVD ID

CNNVD-202508-2251

CVE-2025-54988

  • CNNVD Published: 2025-08-20

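Description (translated from Chinese)

Apache Tika is a content extraction toolkit from the Apache Software Foundation (USA) that integrates POI (an open-source library that lets Java programs read and write Microsoft Office format documents) and PDFBox (a pure Java library for reading and creating PDF documents) and provides a unified interface for text extraction. Apache Tika versions 1.13 through 3.2.1 contain a security vulnerability that stems from XML external entity injection and may lead to the reading of sensitive data or the triggering of malicious requests.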

Description (English)

Apache Tika is a collection of content extraction tools that integrates POI (an open-source Java library for reading and writing Microsoft Office format documents) and PDFBox (a pure Java library for reading and creating PDF documents) and provides a unified interface for text extraction. Apache Tika versions 1.13 through 3.2.1 contain a security vulnerability that originates from XML external entity (XXE) injection and may lead to the reading of sensitive data or the triggering of malicious requests.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Apache

Published

2025-08-20

Last Modified

2026-02-24

References

https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w
https://nvd.nist.gov/vuln/detail/CVE-2025-54988
https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://tika.apache.org/
