BSSA-2026-05

Date 2026-07-17
Severity reported "high", BlueSpice assessment: not affected
Affected bluespice/search Docker image (all versions)
Fixed in Unknown
CVE

Problem

CVE Component Type of vulnerability BlueSpice 5
CVE-2025-14813 bluespice/search Use of a Broken or Risky Cryptographic Algorithm not affected

Impact assessment

CVE Assessment Mitigation without update
CVE-2025-14813 The code is only used by Tika when processing Encrypted PDFs and Office files, which we don't support. In addition the code affected in particular is probably not used and the described attack vector ("capture ciphertext") and impact ("perform cryptanalysis and uncover the underlying data") is not applicable in this use case. No action required.

Solution

No immediate action required.