Severity: Critical

Description: SAS 9.4 products contain a version of Apache Tika that is affected by the following known vulnerabilities:

• CVE-2025-54988
• CVE-2025-66516

​​​​​​Potential Impact: Refer to the CVE records above for additional information. The impacted products are as follows:

• SAS^® Web Infrastructure Platform
• SAS^® Deployment Backup and Recovery Tool
• SAS^® Document Conversion