diff --git a/.trivyignore b/.trivyignore
index 1823bf40aa..a6965fdbd5 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,3 +1,2 @@
 CVE-2024-53299
 CVE-2024-57699
-CVE-2025-66516
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 06ed5cc25a..66c79bb985 100644
--- a/pom.xml
+++ b/pom.xml
@@ -672,7 +672,7 @@
 		<groovy.version>3.0.25</groovy.version>
 		<servlet.version>3.1.0</servlet.version>
 		<jackson.version>2.15.0</jackson.version>
-		<tika.version>1.28.3</tika.version>
+		<tika.version>3.2.2</tika.version>
 		<langchain4j.version>1.8.0</langchain4j.version>
 	</properties>
 </project>
diff --git a/server-plugin/server-plugin-report-markdown/src/main/java/io/onedev/server/plugin/report/markdown/MarkdownReportDownloadResource.java b/server-plugin/server-plugin-report-markdown/src/main/java/io/onedev/server/plugin/report/markdown/MarkdownReportDownloadResource.java
index 12d3287138..e571b2625c 100644
--- a/server-plugin/server-plugin-report-markdown/src/main/java/io/onedev/server/plugin/report/markdown/MarkdownReportDownloadResource.java
+++ b/server-plugin/server-plugin-report-markdown/src/main/java/io/onedev/server/plugin/report/markdown/MarkdownReportDownloadResource.java
@@ -6,11 +6,11 @@ import io.onedev.commons.utils.LockUtils;
 import io.onedev.server.OneDev;
 import io.onedev.server.service.BuildService;
 import io.onedev.server.service.ProjectService;
+import io.onedev.server.util.IOUtils;
 import io.onedev.server.model.Build;
 import io.onedev.server.model.Project;
 import io.onedev.server.security.SecurityUtils;
 import org.apache.shiro.authz.UnauthorizedException;
-import org.apache.tika.io.IOUtils;
 import org.apache.tika.mime.MimeTypes;
 import org.apache.wicket.request.mapper.parameter.PageParameters;
 import org.apache.wicket.request.resource.AbstractResource;