Atlassian security patch release for CVE-2025-66516
Security Patch Release
Summary
Atlassian released December 2025 patches for roughly 30 third-party vulnerabilities, reducing exposure across Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, Jira, and Jira Service Management. The bundle includes critical-severity flaws, led by CVE-2025-66516 in Apache Tika. That issue is a CVSS 10.0 XXE injection bug that can be triggered through crafted XFA files inside PDF files and may lead to information leaks, DoS, SSRF, or RCE. Atlassian advised users to apply the patches as soon as possible.
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)
Security Patch Release
First: 11.05.2026 17:30
Last: 11.05.2026 17:30
Sources 1
About this happening:
**Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...
Google security patch release for CVE-2026-5858
Security Patch Release
First: 10.04.2026 13:44
Last: 10.04.2026 13:44
Sources 1
About this happening:
**Google** released the first stable **Chrome 147** build, closing **60 vulnerabilities** and raising the browser’s baseline security ahead of broader deployment. The patch bundle...
GitLab security patch release for CVE-2026-0723
Security Patch Release
First: 21.01.2026 15:57
Last: 21.01.2026 15:57
Sources 1
About this happening:
**GitLab** released **18.8.2, 18.7.2, and 18.6.4** to fix multiple security flaws in **GitLab CE/EE**. The update matters because one of the issues, **CVE-2026-0723**, is a high-s...
Trend Micro security patch release for CVE-2025-69258
Security Patch Release
First: 09.01.2026 12:01
Last: 09.01.2026 12:01
Sources 1
About this happening:
**Trend Micro** released **security updates** for **Apex Central for Windows** to fix **CVE-2025-69258**, a **9.8 CVSS** remote-code-execution flaw that could let an unauthenticat...
Timeline
- 15.12.2025 13:00 2 articles · 5mo ago
Atlassian releases December 2025 patches for third-party vulnerabilities
Mitigation Patch Update
Atlassian released fixes for roughly 30 third-party vulnerabilities across Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, Jira, and Jira Service Management, including CVE-2025-66516, a CVSS 10/10 XML External Entity (XXE) injection bug in Apache Tika affecting tika-core, tika-pdf-module, and tika-parsers. The release also addressed CVE-2022-37601 in webpack loader-utils and CVE-2021-39227 in ZRender, with Atlassian advising users to apply the patches as soon as possible.
- Atlassian Patches Critical Apache Tika Flaw — www.securityweek.com — 15.12.2025 13:00