VulnHub

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

The article discusses a dual campaign targeting GlobalProtect portals and SonicWall APIs, highlighting a critical XXE vulnerability found in Apache software. This vulnerability poses a significant risk, necessitating immediate attention from affected organizations to mitigate potential exploitation.

Impact: GlobalProtect portals, SonicWall APIs, Apache software

Remediation: Organizations should apply patches and updates to affected Apache software and review configurations to mitigate the risk of exploitation.

Vulnerability Critical

2 hours ago

Read Original

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

The Hacker News

CVE-2025-66516

A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.

Impact: Affected products include Apache Tika tika-core (versions 1.13-3.2.1), tika-pdf-module (versions 2.0.0-3.2.1), and tika-parsers (versions 1.13-1.28.5) across all platforms.

Remediation: Users are advised to apply the latest patches for the affected modules: tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1), and tika-parsers (1.13-1.28.5) to mitigate the vulnerability.

CVE Vulnerability Patch Critical

2 days ago

Read Original

Articles tagged "Apache"