Links
The article discusses CVE-2025-66516, a severe vulnerability in Apache Tika that can lead to XML External Entity (XXE) attacks. This flaw affects several Tika components and allows attackers to inject malicious files, posing serious risks to systems if not patched immediately. Users are urged to update all affected modules to mitigate the threat.
A critical vulnerability in Apache ActiveMQ has been exploited, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2025-XXXX, poses significant risks for users who have not applied the necessary security updates, making it imperative for organizations to secure their installations immediately.
A critical remote code execution vulnerability (CVE-2025-30065) has been found in all versions of Apache Parquet up to 1.15.0, allowing attackers to exploit specially crafted Parquet files for malicious purposes. Users are urged to upgrade to version 1.15.1 to mitigate the risk, which is particularly significant for big data environments and analytics systems that rely on Parquet files. Although no active exploitation has been reported yet, the potential for severe impact remains high due to the widespread use of this format.