ET WEB_SPECIFIC_APPS Apache Tika XML External Entity Injection (CVE-2025-66516)
Here you can find all the details about the rule "ET WEB_SPECIFIC_APPS Apache Tika XML External Entity Injection (CVE-2025-66516)". Propose edits, view related rules, and engage with the community through comments.
[[ currentRule.title ]]
[[ currentRule.description ]]
Rule Content
v [[ currentRule.version ]][[ currentRule.to_string ]]{
"id": 183065,
"format": "suricata",
"title": "ET WEB_SPECIFIC_APPS Apache Tika XML External Entity Injection (CVE-2025-66516)",
"license": "GPL-2.0",
"description": "No description provided",
"uuid": "62611e0f-3dc6-4359-8924-bd00d43b7d55",
"original_uuid": "2066322",
"source": "emerging-all.rules.zip by admin admin",
"author": "Unknown",
"creation_date": "2025-12-19 10:26",
"last_modif": "2025-12-19 10:26",
"vote_up": 0,
"vote_down": 0,
"user_id": 1,
"version": "1",
"to_string": "alert http any any -> $HOME_NET any (msg:\"ET WEB_SPECIFIC_APPS Apache Tika XML External Entity Injection (CVE-2025-66516)\"; flow:established,to_server; http.request_body; content:\"|25|PDF|2d|1|2e|\"; content:\"|0a 2f|NeedAppearances|20|\"; fast_pattern; content:\"|0a 2f|XFA|20|\"; content:\"|3c 21|ENTITY|20|\"; distance:0; content:\"|20|SYSTEM|20|\"; distance:0; reference:url,xz.aliyun.com/news/90783; reference:cve,2025-66516; classtype:web-application-attack; sid:2066322; rev:1; metadata:affected_product Apache_Tika, attack_target Server, tls_state TLSDecrypt, created_at 2025_12_15, cve CVE_2025_66516, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2025_12_15, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)",
"is_favorited": false,
"cve_id": "{CVE-2025-66516}"
}{
"uuid": "21f78744-2455-473b-af11-1c7322e1e6c6",
"Object": [
{
"name": "suricata",
"meta-category": "network",
"template_uuid": "3c177337-fb80-405a-a6c1-1b2ddea8684a",
"description": "An object describing one or more Suricata rule(s) along with version and contextual information.",
"template_version": "2",
"uuid": "4710a755-ca90-4aad-9247-25c7abe83305",
"Attribute": [
{
"uuid": "22b31ff7-a3ec-42f4-b4e4-7fd1ed6c8833",
"object_relation": "suricata",
"value": "alert http any any -> $HOME_NET any (msg:\"ET WEB_SPECIFIC_APPS Apache Tika XML External Entity Injection (CVE-2025-66516)\"; flow:established,to_server; http.request_body; content:\"|25|PDF|2d|1|2e|\"; content:\"|0a 2f|NeedAppearances|20|\"; fast_pattern; content:\"|0a 2f|XFA|20|\"; content:\"|3c 21|ENTITY|20|\"; distance:0; content:\"|20|SYSTEM|20|\"; distance:0; reference:url,xz.aliyun.com/news/90783; reference:cve,2025-66516; classtype:web-application-attack; sid:2066322; rev:1; metadata:affected_product Apache_Tika, attack_target Server, tls_state TLSDecrypt, created_at 2025_12_15, cve CVE_2025_66516, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2025_12_15, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)",
"type": "snort",
"disable_correlation": false,
"to_ids": true,
"category": "Network activity"
},
{
"uuid": "1b1199aa-5586-49ae-82c7-c77886f1c7eb",
"object_relation": "suricata-rule-name",
"value": "ET WEB_SPECIFIC_APPS Apache Tika XML External Entity Injection (CVE-2025-66516)",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "225af97e-846f-4709-925e-062ffd3ba199",
"object_relation": "comment",
"value": "No description provided",
"type": "comment",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "322150dd-2931-4fe0-9148-bb795155034d",
"object_relation": "version",
"value": "1",
"type": "text",
"disable_correlation": false,
"to_ids": false,
"category": "Other"
},
{
"uuid": "f774543e-d663-41e0-b074-3ec9794eb000",
"object_relation": "reference",
"value": "emerging-all.rules.zip by admin admin",
"type": "link",
"disable_correlation": false,
"to_ids": false,
"category": "External analysis"
}
],
"distribution": "5",
"sharing_group_id": "0"
}
]
}Similar Rules
More RulesThe similarity is calculated using the TF-IDF (Term Frequency - Inverse Document Frequency) vectorization of each rule's text, followed by computing the cosine similarity between vectors.
This method compares the textual content of the rules, giving higher weight to distinctive terms and lower weight to common terms. It is robust to small changes in wording.
Learn more on the official scikit-learn documentation: TF-IDF Vectorizer & Cosine Similarity
[[ rule.title ]]
[[ rule.description ]]
Related Bundles
[[ bundleListRule.length ]] TotalNo bundles found for this rule.
Please log in to propose an edit.
No edit proposals found for this rule.
[[ comments_list.length ]] Comments
Join the conversation
Login to replyCommunity Discussion
No comments yet
Be the first to share your thoughts on this rule!