Hello everyone,
I have a question regarding my understanding of the following topic:
Recently, the following CVE was published: https://www.cve.org/CVERecord?id=CVE-2025-54988
The Tika-Server Version in HCL Domino 12.0.2 FP6 is 2.9.2 and in FP7 2.9.4
From my understanding, this vulnerability can only be exploited if the attacker has direct access to the Tika server. For example: myserver:9998.
Since HCL Domino uses the Tika server to index attachments, I would appreciate any clarification or statement on this matter.
Upgrading the tika server is currently not possible, as the Java version used in HCL Domino 12.0.2 does not support version 3.2.2