Vulnerability Assessment CVE-2025-66516 on Protection engine (SPE)
search cancel

Vulnerability Assessment CVE-2025-66516 on Protection engine (SPE)

book

Article ID: 423266

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

Vulnerability Assessment CVE-2025-66516 on Protection engine (SPE) and understanding how SPE deals with PDF files, forged using XML XXE method, or including XFA content.

Environment

Protection Engine 9.x (NAS and Cloud)

Resolution

SPE does not use Apache Tika.

PDF parser is wrapped by our proprietary Safe Execution Engine which protect against such vulnerability. Regarding SPE we have server-side validations on XML files.

 

Additional Information

CRE-22973

Powered by Wolken Software