CVE-2025-66516: Maximum-Severity Vulnerability in Apache Tika Could Lead to XML External Entity Injection Attack
ID: a8569569-6066-5fc6-a499-94442385d43c
STIX ID: report--a8569569-6066-5fc6-a499-94442385d43c
Feed Name: SOC Prime Blog
**Executive Summary:** CVE-2025-66516 is a maximum-severity (CVSS 10.0) XML External Entity (XXE) vulnerability affecting multiple Apache Tika components (tika-core, tika-pdf-module, tika-parsers). It can be triggered by embedding a malicious XFA file inside a PDF, potentially exposing server files and enabling remote code execution. Users should urgently update affected modules (tika-core >= 3.2.2 and corresponding parsers) to mitigate risk.
