A maximum severity vulnerability (CVE-2025-30065) has been disclosed in Apache Parquet's Java Library, enabling remote attackers to execute arbitrary code. The flaw is present in versions 1.15.0 and earlier, allowing maliciously crafted Parquet files to exploit systems. Although no evidence of active exploitation exists, the vulnerability poses risks to data pipelines and analytics systems using untrusted files. Cloud security experts caution about the trend of Apache project vulnerabilities, noting the urgency in patching and monitoring these systems for potential attacks.
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code, said the project maintainers.
This vulnerability can impact data pipelines and analytics systems that import Parquet files, particularly when those files come from external or untrusted sources.
If attackers can tamper with the files, the vulnerability may be triggered.
While there is no evidence that the flaw has been exploited in the wild, vulnerabilities in Apache projects have become a lightning rod for threat actors.
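To check whether a deployment bundles an affected parquet-avro (1.15.0 or earlier, as stated above), the following added example, which is not code from the Apache Parquet project, reads the version that Maven records in `META-INF/maven/.../pom.properties` inside a jar, including jars nested in an uber jar. The helper names and the sample jars are constructed for illustration, and it assumes the build kept the Maven metadata in the archive.

```python
import io, re, zipfile

# Maven records each bundled artifact's coordinates at this path, also inside shaded jars.
POM_PROPS = re.compile(r"META-INF/maven/org\.apache\.parquet/parquet-avro/pom\.properties$")
LAST_AFFECTED = (1, 15, 0)  # from the article: 1.15.0 and earlier are affected

def parse_version(text):
    """'1.13.1' or '1.15.0-SNAPSHOT' -> (1, 13, 1); missing parts count as 0."""
    nums = re.findall(r"\d+", text.split("-")[0])[:3]
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))

def is_affected(version):
    # Compare numerically: as strings, "1.9.0" would sort above "1.15.0".
    return parse_version(version) <= LAST_AFFECTED

def parquet_avro_versions(jar_bytes, depth=2):
    """Yield parquet-avro versions bundled in a jar, descending into nested jars."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for name in zf.namelist():
            if POM_PROPS.search(name):
                for line in zf.read(name).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        yield line.split("=", 1)[1].strip()
            elif name.endswith(".jar") and depth > 0:
                try:
                    yield from parquet_avro_versions(zf.read(name), depth - 1)
                except zipfile.BadZipFile:
                    continue  # not a readable archive, skip it

def make_jar(entries):
    """Build a jar in memory from {path: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in entries.items():
            zf.writestr(path, data)
    return buf.getvalue()

def demo():
    props = "META-INF/maven/org.apache.parquet/parquet-avro/pom.properties"
    old = make_jar({props: b"artifactId=parquet-avro\nversion=1.13.1\n"})
    fat = make_jar({"BOOT-INF/lib/parquet-avro-1.13.1.jar": old, "app/Main.class": b""})
    new = make_jar({props: b"artifactId=parquet-avro\nversion=1.15.1\n"})
    return [(v, is_affected(v)) for jar in (fat, new) for v in parquet_avro_versions(jar)]

if __name__ == "__main__":
    for version, affected in demo():
        print(version, "AFFECTED" if affected else "ok")
```

For real artifacts, pass the bytes of each deployed jar to `parquet_avro_versions` and flag any version for which `is_affected` returns true.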