Vulnerability Description
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Parquet Java | < 1.15.1 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5Mailing ListRelease Notes
- http://www.openwall.com/lists/oss-security/2025/04/01/1Mailing ListThird Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-30065Issue TrackingThird Party Advisory
- https://github.com/apache/parquet-java/pull/3169Issue TrackingPatch
- https://news.ycombinator.com/item?id=43603091Issue TrackingThird Party Advisory
- https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-ExploitPress/Media CoverageThird Party Advisory
- https://github.com/h3st4k3r/CVE-2025-30065/blob/main/POC-CVE-2025-30065-ParquetEThird Party Advisory
- https://github.com/mouadk/parquet-rce-poc-CVE-2025-30065/blob/main/src/main/javaThird Party Advisory
FAQ
What is CVE-2025-30065?
CVE-2025-30065 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes t...
How severe is CVE-2025-30065?
CVE-2025-30065 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-30065?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Parquet Java.