A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.
The problem stems from the deserialization of untrusted data, which could allow attackers with specially crafted Parquet files to gain control of target systems, exfiltrate or modify data, disrupt services, or introduce dangerous payloads such as ransomware.
The vulnerability is tracked as CVE-2025-30065 and has a CVSS v4 score of 10.0. The flaw was fixed with the release of Apache Parquet version 1.15.1.
It should be noted that to exploit this flaw, threat actors must convince someone to import a specially crafted Parquet file.
Severe threat to “big data” environments
Apache Parquet is an open-source, columnar storage format designed for efficient data processing. Unlike row-based formats (like CSV), Parquet stores data by columns, which makes it faster and more space-efficient for analytical workloads.
It is widely adopted across the data engineering and analytics ecosystem, including big data platforms like Hadoop, AWS, Amazon, Google, and Azure cloud services, data lakes, and ETL tools.
Some large companies that use Parquet include Netflix, Uber, Airbnb, and LinkedIn.
The security problem in Parquet was disclosed on April 1, 2025, following a responsible disclosure by its finder, Amazon researcher Keyi Li.
“Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code,” warned the short bulletin published on Openwall.
“Users are recommended to upgrade to version 1.15.1, which fixes the issue.”
A separate bulletin by Endor Labs highlights the risk of CVE-2025-30065 exploitation more clearly, warning that the flaw can impact any data pipelines and analytics systems that import Parquet files, with the risk being significant for files sourced from external points.
Endor Labs believes the problem was introduced in Parquet version 1.8.0, though older releases may also be impacted. The firm suggests coordinated checks with developers and vendors to determine what Parquet versions are used in production software stacks.
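One way to carry out the version check Endor Labs suggests is to scan build output for Parquet artifacts below the fixed release. The script below is an added example, not code from the article or from the Apache Parquet project; it assumes input in the form of `mvn dependency:list` lines or jar file names, and the sample input is constructed here.

```python
import re

# Fixed release named in the advisory; anything below 1.15.1 is treated as affected.
FIXED_VERSION = (1, 15, 1)

# `mvn dependency:list` lines look like:
#   [INFO]    org.apache.parquet:parquet-avro:jar:1.15.0:compile
MAVEN_RE = re.compile(r"org\.apache\.parquet:(parquet-[a-z-]+):jar:([\w.\-]+):")
# Plain jar names on a classpath or in a lib/ directory, e.g. parquet-avro-1.8.0.jar
JAR_RE = re.compile(r"\b(parquet-[a-z-]+)-(\d[\w.\-]*)\.jar\b")

# Constructed sample input mixing both forms (not real build output).
SAMPLE_INPUT = """\
[INFO]    org.apache.parquet:parquet-avro:jar:1.15.0:compile
[INFO]    org.apache.parquet:parquet-hadoop:jar:1.15.0:compile
[INFO]    org.apache.avro:avro:jar:1.11.3:compile
lib/parquet-avro-1.8.0.jar
lib/parquet-column-1.15.1.jar
"""


def parse_version(text):
    """Turn a version string such as '1.15.0' into a comparable tuple of ints."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def find_parquet_artifacts(lines):
    """Yield (artifact, version) pairs found in dependency-list or jar-name lines."""
    for line in lines:
        for regex in (MAVEN_RE, JAR_RE):
            for artifact, version in regex.findall(line):
                yield artifact, version


def affected_artifacts(lines):
    """Return sorted (artifact, version) pairs whose version is below 1.15.1."""
    hits = set()
    for artifact, version in find_parquet_artifacts(lines):
        parsed = parse_version(version)
        if parsed is not None and parsed < FIXED_VERSION:
            hits.add((artifact, version))
    return sorted(hits)


if __name__ == "__main__":
    for artifact, version in affected_artifacts(SAMPLE_INPUT.splitlines()):
        print(f"AFFECTED: {artifact} {version} (upgrade to 1.15.1)")
```

In practice, feed it the real output of `mvn dependency:list` or a listing of the deployed jar directory instead of the constructed sample.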
“If an attacker tricks a vulnerable system into reading a specially crafted Parquet file, they could gain remote code execution (RCE) on that system,” warns Endor Labs.
However, the security firm avoids over-inflating the risk by including the note, “Despite the scary potential, it is important to note that the vulnerability can only be exploited if a malicious Parquet file is imported.”
That being said, if upgrading to Apache Parquet 1.15.1 immediately is impossible, it is recommended to avoid untrusted Parquet files or carefully validate their safety before processing them. Also, monitoring and logging on systems that handle Parquet processing should be increased.
Although no active exploitation has been discovered yet, the risk is high due to the flaw's severity and the widespread use of Parquet files in big data applications.
Administrators of impacted systems are recommended to upgrade to Parquet version 1.15.1, which addresses CVE-2025-30065, as soon as possible.