https://community.dynatrace.com/t5/Open-Q-A/CVE-2025-54988-amp-CVE-2025-66516-Apache-Tika-Components/m-p/291265#M38202 <P>Hello&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/45385">@eertul</a>,</P><P>One of my colleagues faced the same issue in his monitoring project and fixed it by upgrading the Tika components to the higher recommended versions in a lower environment first. After replacing the JARs under /opt/dynatrace-binary/elasticsearch/modules/ingest-attachment/ and restarting the service, the vulnerability scan cleared.<BR />The recommended versions are:</P><P>tika-core → 3.2.2 or later<BR />tika-parser-pdf-module → 3.2.2 or later<BR />tika-parsers → 2.0.0 or later</P><P>&nbsp;</P><P>Thanks,</P><P>Sujit</P> Wed, 10 Dec 2025 21:56:23 GMT sujit_k_singh 2025-12-10T21:56:23Z https://community.dynatrace.com/t5/Open-Q-A/CVE-2025-54988-amp-CVE-2025-66516-Apache-Tika-Components/m-p/291193#M38186 <P>We found a lot of tika components under "/opt/dynatrace-binary/elasticsearch/modules/ingest-attachment/" which are affected from&nbsp;CVE-2025-66516.&nbsp;</P><P>Our version is 1.312. Is there any mitigation or suggestions?</P><P>Thanks.</P> Wed, 10 Dec 2025 07:26:24 GMT https://community.dynatrace.com/t5/Open-Q-A/CVE-2025-54988-amp-CVE-2025-66516-Apache-Tika-Components/m-p/291193#M38186 eertul 2025-12-10T07:26:24Z https://community.dynatrace.com/t5/Open-Q-A/CVE-2025-54988-amp-CVE-2025-66516-Apache-Tika-Components/m-p/291194#M38187 <P>Hi,</P><P>If you read <A title="this" href="https://www.cve.org/CVERecord?id=CVE-2025-54988" target="_blank" rel="noopener">this</A>, they recommend to upgrade to version 3.2.2.</P><P>Best regards</P> Wed, 10 Dec 2025 07:49:53 GMT https://community.dynatrace.com/t5/Open-Q-A/CVE-2025-54988-amp-CVE-2025-66516-Apache-Tika-Components/m-p/291194#M38187 AntonPineiro 2025-12-10T07:49:53Z https://community.dynatrace.com/t5/Open-Q-A/CVE-2025-54988-amp-CVE-2025-66516-Apache-Tika-Components/m-p/291219#M38194 <P>Hello&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/45385">@eertul</a>,<BR /><BR />In this article you'll have all the needed information on how to report a security vulnerability to the Dynatrace:<BR /><A href="https://community.dynatrace.com/t5/Troubleshooting/Report-a-security-vulnerability/ta-p/195675" target="_self">Report a security vulnerability</A>&nbsp;<BR />If you'll follow all the step from it, you'll get all your questions answered in the support ticket.&nbsp;<BR /><BR />As for the both CVE's you've mentioned, I can see already two internal tickets about them. As soon as there will be official communication about them available, you'll be able to see it in this article:<BR /><A href="https://community.dynatrace.com/t5/Heads-up-from-Dynatrace/Dynatrace-CVE-status-Common-Vulnerabilities-and-Exposures/ta-p/214793" target="_self">Dynatrace CVE status (Common Vulnerabilities and Exposures)</A>&nbsp;</P> Wed, 10 Dec 2025 09:43:12 GMT https://community.dynatrace.com/t5/Open-Q-A/CVE-2025-54988-amp-CVE-2025-66516-Apache-Tika-Components/m-p/291219#M38194 MaciejNeumann 2025-12-10T09:43:12Z https://community.dynatrace.com/t5/Open-Q-A/CVE-2025-54988-amp-CVE-2025-66516-Apache-Tika-Components/m-p/291265#M38202 <P>Hello&nbsp;<a href="https://community.dynatrace.com/t5/user/viewprofilepage/user-id/45385">@eertul</a>,</P><P>One of my colleagues faced the same issue in his monitoring project and fixed it by upgrading the Tika components to the higher recommended versions in a lower environment first. After replacing the JARs under /opt/dynatrace-binary/elasticsearch/modules/ingest-attachment/ and restarting the service, the vulnerability scan cleared.<BR />The recommended versions are:</P><P>tika-core → 3.2.2 or later<BR />tika-parser-pdf-module → 3.2.2 or later<BR />tika-parsers → 2.0.0 or later</P><P>&nbsp;</P><P>Thanks,</P><P>Sujit</P> Wed, 10 Dec 2025 21:56:23 GMT https://community.dynatrace.com/t5/Open-Q-A/CVE-2025-54988-amp-CVE-2025-66516-Apache-Tika-Components/m-p/291265#M38202 sujit_k_singh 2025-12-10T21:56:23Z