Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
A critical XML External Entity (XXE) vulnerability, CVE-2025-66516, with a CVSS score of 10.0 has been discovered in Apache Tika. It affects multiple modules, including tika-core, tika-pdf-module, and tika-parsers. An attacker can trigger XML External Entity injection through a crafted XFA file embedded in a PDF, potentially leading to file system access and remote code execution. Urgent patching is required.
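For code that parses XFA or other untrusted XML itself, the following added example (not Apache Tika's code and not the project's patch) shows the general JAXP hardening that refuses any DOCTYPE, which is the standard defense against this class of bug. The class name `XfaXxeGuard`, its methods and both sample XFA packets are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

// Hypothetical helper: parses XFA XML with a parser that cannot declare or resolve entities.
public class XfaXxeGuard {

    // Build a JAXP parser that rejects any DTD, so no external entity can be declared.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Primary control: a DOCTYPE anywhere in the input is a fatal error.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defense in depth in case the feature above is ever relaxed.
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns true if the packet parsed cleanly, false if the hardened parser rejected it.
    static boolean accepts(String xfaXml) throws Exception {
        byte[] bytes = xfaXml.getBytes(StandardCharsets.UTF_8);
        try {
            hardenedBuilder().parse(new ByteArrayInputStream(bytes));
            return true;
        } catch (SAXException e) {
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an ordinary XFA packet with no DTD.
        String benign = "<xdp:xdp xmlns:xdp=\"http://ns.adobe.com/xdp/\"><template/></xdp:xdp>";
        // Constructed sample: XFA packet whose DOCTYPE declares an external entity
        // (the SYSTEM identifier is a placeholder path, never dereferenced here).
        String withDtd = "<!DOCTYPE xdp [<!ENTITY ext SYSTEM \"file:///constructed/placeholder\">]>"
                + "<xdp:xdp xmlns:xdp=\"http://ns.adobe.com/xdp/\"><template>&ext;</template></xdp:xdp>";
        System.out.println("benign accepted:  " + accepts(benign));
        System.out.println("DOCTYPE accepted: " + accepts(withDtd));
    }
}
```

This hardens only parsers the application creates itself; XML parsed inside the affected Tika modules is covered only by upgrading Tika.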