A most severity distant code execution (RCE) vulnerability has been found impacting all variations of Apache Parquet as much as and together with 1.15.0.
The issue stems from the deserialization of untrusted information that would permit attackers with specifically crafted Parquet information to achieve management of goal methods, exfiltrate or modify information, disrupt providers, or introduce harmful payloads resembling ransomware.
The vulnerability is tracked beneath CVE-2025-30065 and has a CVSS v4 rating of 10.0. The flaw was fastened with the discharge of Apache model 1.15.1.
It must be famous that to use this flaw, risk actors should persuade somebody to import a specifically crafted Parquet file.
Extreme risk to “large information” environments
Apache Parquet is an open-source, columnar storage format designed for environment friendly information processing. In contrast to row-based codecs (like CSV), Parquet shops information by columns, which makes it sooner and extra space-efficient for analytical workloads.
It’s broadly adopted throughout the info engineering and analytics ecosystem, together with large information platforms like Hadoop, AWS, Amazon, Google, and Azure cloud providers, information lakes, and ETL instruments.
Some giant corporations that use Parquet embody Netflix, Uber, Airbnb, and LinkedIn.
The safety downside in Parquet was disclosed on April 1, 2025, following a accountable disclosure by its finder, Amazon researcher Keyi Li.
“Schema parsing within the parquet-avro module of Apache Parquet 1.15.0 and former variations permits unhealthy actors to execute arbitrary code,” warned the quick bulletin revealed on Openwall.
“Customers are really useful to improve to model 1.15.1, which fixes the problem.”
A separate bulletin by Endor Labs highlights the danger of CVE-2025-30065 exploitation extra clearly, warning that the flaw can influence any information pipelines and analytics methods that import Parquet information, with the danger being vital for information sourced from exterior factors.
Endor Labs believes the issue was launched in Parquet model 1.8.0, although older releases may also be impacted. The agency suggests coordinated checks with builders and distributors to find out what Praquet variations are utilized in manufacturing software program stacks.
“If an attacker methods a susceptible system into studying a specifically crafted Parquet file, they may achieve distant code execution (RCE) on that system,” warns Endor Labs.
Nevertheless, the safety agency avoids over-inflating the danger by together with the word, “Regardless of the scary potential, it is necessary to notice that the vulnerability can solely be exploited if a malicious Parquet file is imported.”
That being mentioned, if upgrading to Apache Parquet 1.15.1 instantly is inconceivable, it’s instructed to keep away from untrusted Parquet information or fastidiously validate their security earlier than processing them. Additionally, monitoring and logging on methods that deal with Parquet processing must be elevated.
Though no energetic exploitation has been found but, the danger is excessive as a result of flaw’s severity and the widespread use of Parquet information in large information purposes.
Directors of impacted methods are really useful to improve to Parquet model 1.15.1, which addresses CVE-2025-30065, as quickly as doable.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK methods behind 93% of assaults and how one can defend towards them.
