CVE-2025-30065 (CVSS 10): Critical Vulnerability Discovered in Apache Parquet Java
do son 
Apache Parquet, a widely used open-source, column-oriented data file format, has been found to contain a critical security vulnerability. This vulnerability poses a significant risk to systems utilizing the Apache Parquet Java library.
Apache Parquet is designed for efficient data storage and retrieval. It’s known for its high-performance compression and encoding schemes, making it suitable for handling complex data in bulk. Its support across numerous programming languages and analytics tools has contributed to its widespread adoption.
A critical vulnerability, identified as CVE-2025-30065, has been discovered in the Apache Parquet Java library. This vulnerability has been assigned a CVSS score of 10, indicating the highest level of severity.
- CVE-2025-30065: Apache Parquet Java Arbitrary Code Execution
The vulnerability resides within the parquet-avro module. It allows for arbitrary code execution when reading an Avro schema from Parquet file metadata. In simpler terms, a malicious actor could craft a Parquet file in such a way that, when processed by vulnerable versions of the Apache Parquet Java library, it would execute code of the attacker’s choosing on the system.
The following versions of Apache Parquet Java are affected:
- Apache Parquet Java through 1.15.0
The ability to execute arbitrary code on a system can have severe consequences. An attacker could potentially:
- Gain complete control of the affected system.
- Steal sensitive data.
- Install malware.
- Disrupt services.
Users of Apache Parquet Java are strongly advised to upgrade to version 1.15.1 as soon as possible. Version 1.15.1 contains a fix that addresses this critical vulnerability.
