Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Fix
Priority: Critical
Fix Version/s: None
Affects Version/s: 16.10.10, 17.6.0, 17.4.4
Component/s: Tika
Labels:

Difficulty:
Unknown
Documentation:
N/A
Documentation in Release Notes:
N/A
Similar issues:

Description

See https://app.opencve.io/cve/CVE-2025-54988

All versions of tika-core between 1.13 and 3.2.1 are affected. So all supported versions of XWiki are impacted.
The only patched version is 3.2.3. But currently we are unable to upgrade from tika 2.x to tika 3.x, see XWIKI-22595

Proposed solution:

deploy a patched version of tika 2.9.4 in our external repository (https://maven.xwiki.org/externals) (see CVE-2025-5498-1.patch )
use the patched version for all versions of xwiki

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

CVE-2025-5498-1.patch
4 kB
25/Aug/25 15:19

Issue Links

links to

GitHub advisory

Activity

People

Assignee:: Michael Hamann

Reporter:: Manuel Leduc

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Aug/25 14:33

Updated:: Yesterday 10:25

Resolved:: Yesterday 10:15

Date of First Response:: 10/Sep/25 3:23 PM