## https://sploitus.com/exploit?id=EE7C32D6-8FEB-5D0A-828B-A182694BC5A6
# CVE-2025-66516: Critical XXE Vulnerability in Apache Tika
## Executive Summary
**CVE-2025-66516** is a critical XML External Entity (XXE) injection vulnerability in Apache Tika with a **CVSS score of 10.0** (maximum severity). The vulnerability allows remote attackers to read arbitrary files, perform Server-Side Request Forgery (SSRF), and exfiltrate sensitive data by uploading a specially crafted PDF document containing malicious XFA (XML Forms Architecture) content.
| Attribute | Value |
|-----------|-------|
| **CVE ID** | CVE-2025-66516 |
| **CVSS Score** | 10.0 (Critical) |
| **Disclosed** | December 4, 2025 |
| **Vendor** | Apache Software Foundation |
| **Affected Product** | Apache Tika |
| **Attack Vector** | Network (Remote) |
| **Authentication** | None Required |
## Affected Versions
| Component | Vulnerable Versions | Fixed Version |
|-----------|-------------------|---------------|
| tika-core | 1.13 - 3.2.1 | 3.2.2+ |
| tika-parser-pdf-module | 2.0.0 - 3.2.1 | 3.2.2+ |
| tika-parsers | 1.13 - 1.28.5 | 2.0.0+ |
**Important:** This CVE supersedes CVE-2025-54988, which incorrectly identified only the PDF module as vulnerable. The actual vulnerability resides in **tika-core**.
---
## Technical Analysis
### The Vulnerability
The vulnerability is an XML External Entity (XXE) injection flaw in how Apache Tika processes XFA (XML Forms Architecture) data within PDF documents.
**The Problem:** Tika relies on underlying Java XML parsers (specifically a StAX parser) to read XFA XML content. Vulnerable versions failed to correctly configure the parser to disable external entity resolution. When the parser encounters an external entity request (like `SYSTEM "file:///etc/passwd"`), it resolves and returns the file contents.
**Location:** The bug exists in `XMLReaderUtils.getXMLInputFactory()` in tika-core:
```java
public static XMLInputFactory getXMLInputFactory() {
XMLInputFactory factory = XMLInputFactory.newFactory();
tryToSetStaxProperty(factory, XMLInputFactory.IS_NAMESPACE_AWARE, true);
tryToSetStaxProperty(factory, XMLInputFactory.IS_VALIDATING, false);
factory.setXMLResolver(IGNORING_STAX_ENTITY_RESOLVER); // data: root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
...
```
### Protected Configuration (Woodstox StAX)
Testing against Tika 2.9.2 with Woodstox (standard tika-server-standard.jar):
| Test | Result |
|------|--------|
| XFA Detection | [PASS] PDF recognized as having XFA |
| XFA Parsing | [PASS] XFA content extracted |
| XXE File Read | [BLOCKED] External entities not resolved |
| XXE SSRF | [BLOCKED] No outbound connections |
**Output shows empty entity:**
```
data:
```
### Conclusion
The vulnerability is real and critical. Exploitation depends on the StAX implementation:
- [PROTECTED] `tika-server-standard.jar` - Bundled Woodstox blocks XXE
- [VULNERABLE] Embedded Tika (tika-core + parsers) - Uses JDK StAX by default
- [VULNERABLE] Custom deployments without Woodstox
- [VULNERABLE] Enterprise integrations (Elasticsearch, Solr, Alfresco) - Often use embedded Tika
---
## XXE Attack Capabilities
XXE is fundamentally a **file read/SSRF** vulnerability, not direct RCE. However, it enables several attack paths:
### Direct Attacks
| Attack | Payload Example |
|--------|-----------------|
| File Read | `SYSTEM "file:///etc/passwd"` |
| SSRF | `SYSTEM "http://internal:8080/admin"` |
| AWS Metadata | `SYSTEM "http://169.254.169.254/latest/meta-data/"` |
### Escalation to RCE
| Scenario | Attack Path |
|----------|-------------|
| AWS EC2 | XXE -> SSRF to metadata -> IAM credentials -> AWS CLI RCE |
| Kubernetes | XXE -> Read service account token -> kubectl exec |
| Internal Jenkins | XXE -> SSRF to script console -> Groovy RCE |
| Database | XXE -> Read config files -> Database access |
| SSH | XXE -> Read SSH keys -> Remote shell access |
---
## Remediation
### Immediate Actions
1. **Upgrade Apache Tika to version 3.2.2 or later**
```xml
org.apache.tika
tika-core
3.2.2
```
2. **Verify all Tika components are updated** (tika-core AND parser modules)
### Risk Assessment
| Deployment Type | Risk Level |
|-----------------|------------|
| tika-server-standard.jar | LOW - Woodstox mitigates |
| Embedded Tika (library usage) | HIGH - Likely vulnerable |
| Custom without Woodstox | HIGH - Vulnerable |
### Defense in Depth
1. **Input Validation** - Validate uploaded file types
2. **Network Segmentation** - Isolate Tika processing
3. **Least Privilege** - Minimal filesystem permissions
4. **Monitoring** - Alert on unusual file access
---
## Research Journey
### Issues Encountered
**Issue 1: Initial exploit did not work**
- XFA was detected but XXE never triggered
- Spent time debugging payload structure
**Issue 2: Multiple XML declarations error**
- Error: `WstxParsingException: Illegal processing instruction target ("xml")`
- Cause: XFA streams were each including XML declarations
- Fix: Only include declaration in preamble, not sub-streams
**Issue 3: The Woodstox mystery**
- All payloads failed against tika-server-standard.jar
- Discovered Woodstox was bundled and blocking XXE
- Created Dockerfile.jdk-stax to test without Woodstox
**Issue 4: Testing wrong configuration**
- Wasted time on protected configuration
- Lesson: Understand the full dependency tree before testing
### Lessons Learned
1. **CVSS scores need context** - Environmental factors affect exploitability
2. **Test minimal configurations** - Don't assume bundled dependencies
3. **XML parsers vary wildly** - Same code behaves differently with different parsers
4. **Embedded != Server** - Library usage often has different dependencies
5. **Error messages are clues** - Parser exceptions reveal implementation details
---
## References
- [Apache Tika Security Advisory](https://lists.apache.org/thread/...)
- [Fix Commit](https://github.com/apache/tika/commit/bfee6d5569fe9197c4ea947a96e212825184ca33)
- [NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2025-66516)
- [Apache Tika Mailing List Discussion](https://www.mail-archive.com/user@tika.apache.org/msg04590.html)
## Timeline
| Date | Event |
|------|-------|
| August 2025 | CVE-2025-54988 disclosed (incomplete scope) |
| December 4, 2025 | CVE-2025-66516 published (full scope identified) |
| December 4, 2025 | Apache Tika 3.2.2 released with fix |
---
## Disclaimer
This lab environment and proof-of-concept code are provided for **authorized security testing, educational purposes, and defensive research only**.
Do not use these tools against systems without explicit written authorization.
## License
This research material is provided for educational purposes. Use responsibly.