CVE-2025-66516: Detecting and Defending Against Apache Tika XXE Attack | Akamai

Akamai customers have been protected from this vulnerability since December 11, 2025. CVE-2025-66516 is a newly discovered critical XML external entity (XXE) vulnerability in Apache Tika that allows attackers to abuse crafted XFA content embedded within PDF files. Because of unsafe XML parsing in tika-core, uploaded malicious PDF documents can trigger external entity resolution during document processing, potentially leading to sensitive file disclosure or outbound network access. This vulnerability affects multiple Tika modules and expands the scope of a previously reported issue, making any service that unsafely parses or processes untrusted PDFs with Apache Tika a very high-risk target. Akamai has deployed an Akamai Adaptive Security Engine Rapid Rule to protect our customers from these threats.…
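
As an added illustration (not code from Akamai or Apache Tika), the following triage check could run on uploaded PDFs before they reach a Tika-based parser: it inflates FlateDecode streams and flags files that carry XFA markers together with DTD declarations, which entity resolution depends on. The function names, the size cap and the sample bytes are assumptions constructed for this example.

```python
import re
import zlib

# Stream bodies sit between "stream" and "endstream" in a PDF object.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# DTD declarations, which XFA form data has no ordinary need for.
DTD_RE = re.compile(rb"<!(DOCTYPE|ENTITY)\b")
# Markers suggesting the file carries an XFA form.
XFA_RE = re.compile(rb"/XFA\b|<xdp:xdp\b")
MAX_INFLATE = 8 * 1024 * 1024  # assumed cap per stream (decompression bombs)


def inflate(data: bytes) -> bytes:
    """Inflate a FlateDecode stream; return the raw bytes if it is not zlib."""
    try:
        return zlib.decompressobj().decompress(data, MAX_INFLATE)
    except zlib.error:
        return data


def scan_pdf(pdf: bytes) -> dict:
    """Report XFA markers and DTD declarations in the file or its streams."""
    bodies = [pdf] + [inflate(m.group(1)) for m in STREAM_RE.finditer(pdf)]
    has_xfa = any(XFA_RE.search(b) for b in bodies)
    dtd = sorted({m.group(1).decode() for b in bodies for m in DTD_RE.finditer(b)})
    return {"xfa": has_xfa, "dtd": dtd, "quarantine": has_xfa and bool(dtd)}


def make_sample_pdf(xfa_xml: bytes) -> bytes:
    """Constructed, minimal PDF-like bytes with one compressed XFA stream."""
    body = zlib.compress(xfa_xml)
    head = b"%PDF-1.7\n1 0 obj\n<< /AcroForm << /XFA 2 0 R >> >>\nendobj\n2 0 obj\n"
    dic = b"<< /Filter /FlateDecode /Length " + str(len(body)).encode() + b" >>\n"
    return head + dic + b"stream\n" + body + b"\nendstream\nendobj\n%%EOF\n"


if __name__ == "__main__":
    benign = b"<xdp:xdp xmlns:xdp='http://ns.adobe.com/xdp/'><template/></xdp:xdp>"
    # Constructed sample: an internal entity only, enough to exercise the check.
    flagged = b"<!DOCTYPE xdp [<!ENTITY note 'constructed'>]>" + benign
    print(scan_pdf(make_sample_pdf(benign)))
    print(scan_pdf(make_sample_pdf(flagged)))
```

Streams that are encrypted or use filters other than FlateDecode are not decoded here, so a clean result is a triage signal rather than proof that a file is safe to parse.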
