CVE-2025-30065

9.8 CRITICAL

📋 TL;DR

This vulnerability in Apache Parquet's parquet-avro module allows attackers to execute arbitrary code by exploiting schema parsing flaws. It affects all systems using Apache Parquet 1.15.0 and earlier versions. This is a critical remote code execution vulnerability with a CVSS score of 9.8.

💻 Affected Systems

Products:
  • Apache Parquet
  • Apache Parquet Java library
  • Any software using parquet-avro module
Versions: Apache Parquet 1.15.0 and all previous versions
Operating Systems: All operating systems running Java applications
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the parquet-avro module for schema parsing. Systems not processing Parquet files are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing attackers to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠 Likely Case: Remote code execution leading to data theft, service disruption, or unauthorized system access.

🟢 If Mitigated: Limited impact if proper network segmentation and least privilege principles are enforced, though code execution would still be possible.

🌐 Internet-Facing: HIGH - Any internet-facing service processing Parquet files with the vulnerable module can be exploited remotely.
🏢 Internal Only: HIGH - Internal systems processing untrusted Parquet files are equally vulnerable to exploitation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires processing a malicious Parquet file. No authentication is needed if the service accepts file uploads or processes external Parquet files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apache Parquet 1.15.1

Vendor Advisory: https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5

Restart Required: Yes

Instructions:

1. Identify all applications using Apache Parquet
2. Update parquet-avro dependency to version 1.15.1
3. Rebuild and redeploy affected applications
4. Restart services using the updated libraries

🔧 Temporary Workarounds

Disable parquet-avro module (applies to: all)

Temporarily disable or remove the parquet-avro module if it is not essential for operations:
  • Remove the parquet-avro dependency from pom.xml or build.gradle
  • Disable Parquet file processing in application configuration

Input validation and sanitization (applies to: all)

Implement strict validation of Parquet files before processing:
  • Implement file signature validation
  • Use allowlisting for expected Parquet schemas
  • Process files in isolated containers

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Parquet processing systems
  • Deploy runtime application self-protection (RASP) or WAF with file upload protection

🔍 How to Verify

Check if Vulnerable:

Check application dependencies for parquet-avro version 1.15.0 or earlier. Review build files (pom.xml, build.gradle) and deployed libraries.

Check Version:

For Maven: mvn dependency:tree | grep parquet-avro
For Gradle: gradle dependencies | grep parquet-avro
Direct check: java -cp parquet-avro.jar org.apache.parquet.Version

Verify Fix Applied:

Confirm that the resolved parquet-avro version (transitive dependencies included) is 1.15.1 or higher in every affected application, then test with known safe Parquet files to ensure functionality.
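The dependency checks above are quick to run by hand but easy to misread when the artifact appears several times in a large tree or when Gradle resolves a declared version to a different one. The script below is an added example (it is not part of this advisory or of Apache Parquet) that parses the output of `mvn dependency:tree` or `gradle dependencies`, extracts every parquet-avro coordinate, honours Gradle's `declared -> resolved` notation, and reports which occurrences are at 1.15.0 or earlier. The two sample outputs embedded in it are constructed for the demonstration; the artifact names and version numbers it checks against come from this page. Pre-release suffixes such as `-SNAPSHOT` are not handled.

```python
import re
import sys

# First fixed release named in the advisory: anything below this is vulnerable.
FIXED_VERSION = (1, 15, 1)

# Matches both formats:
#   Maven:  org.apache.parquet:parquet-avro:jar:1.15.0:compile
#   Gradle: org.apache.parquet:parquet-avro:1.14.4 -> 1.15.1   (declared -> resolved)
COORD_RE = re.compile(
    r"org\.apache\.parquet:parquet-avro:(?:jar:)?(?P<declared>\d+(?:\.\d+)*)"
    r"(?::\w+)?(?:\s*->\s*(?P<resolved>\d+(?:\.\d+)*))?"
)


def parse_version(text):
    """'1.15' -> (1, 15, 0); pads to three components so tuples compare cleanly."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))


def is_vulnerable(version):
    """True for 1.15.0 and every earlier release."""
    return parse_version(version) < FIXED_VERSION


def audit(tree_output):
    """Return one finding per parquet-avro coordinate seen in the tree output.

    The effective version is the Gradle-resolved one when present, otherwise
    the declared one (Maven prints only the version that will ship)."""
    findings = []
    for line in tree_output.splitlines():
        for m in COORD_RE.finditer(line):
            effective = m.group("resolved") or m.group("declared")
            findings.append({
                "version": effective,
                "vulnerable": is_vulnerable(effective),
                "line": line.strip(),
            })
    return findings


# Constructed sample output (not captured from a real build).
MAVEN_SAMPLE = """\
[INFO] com.example:ingest:jar:1.0.0
[INFO] +- org.apache.parquet:parquet-avro:jar:1.15.0:compile
[INFO] |  \\- org.apache.parquet:parquet-hadoop:jar:1.15.0:compile
[INFO] \\- org.apache.avro:avro:jar:1.11.3:compile
"""

# Constructed sample output showing Gradle conflict resolution (not real).
GRADLE_SAMPLE = """\
compileClasspath - Compile classpath for source set 'main'.
+--- org.apache.parquet:parquet-avro:1.14.4 -> 1.15.1
\\--- org.apache.avro:avro:1.11.3
"""


def report(label, tree_output):
    for f in audit(tree_output):
        status = "VULNERABLE (CVE-2025-30065)" if f["vulnerable"] else "fixed"
        print(f"{label}: parquet-avro {f['version']} -> {status}")


if __name__ == "__main__":
    # Pipe real output in (mvn dependency:tree | python audit.py) or run on the samples.
    if not sys.stdin.isatty():
        report("stdin", sys.stdin.read())
    else:
        report("maven-sample", MAVEN_SAMPLE)
        report("gradle-sample", GRADLE_SAMPLE)
```

Run it against a real tree with `mvn dependency:tree | python audit.py` (or the Gradle equivalent); the resolved version is what ends up on the classpath, so that is the one the verdict is based on.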

📡 Detection & Monitoring

Log Indicators:

  • Unusual Java process spawning
  • Unexpected network connections from Parquet processing services
  • Stack traces containing parquet.avro or schema parsing errors
  • Large or malformed Parquet file processing attempts

Network Indicators:

  • Unexpected outbound connections from Parquet processing systems
  • Suspicious file uploads to Parquet-enabled endpoints
  • Anomalous traffic patterns to/from Parquet services

SIEM Query:

source="*parquet*" AND (event_type="process_creation" OR event_type="network_connection") AND severity=HIGH
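The indicator lists and the SIEM query above describe what to look for but leave the matching logic to the reader. The script below is an added example (not part of this advisory) that encodes three of those indicators as checks over a small set of constructed telemetry events: a JVM whose command line references Parquet spawning a shell or download tool, an outbound connection from such a JVM to a destination outside an assumed allowlist of internal networks, and an application log line carrying an exception from the parquet.avro package. Field names, the internal ranges, the host names and the stack-trace text are all assumptions made for the demonstration; adapt them to the schema of your own EDR or log pipeline.

```python
import ipaddress
import os

# Constructed sample telemetry (not real logs), one dict per event.
SAMPLE_EVENTS = [
    {"event_type": "process_creation", "host": "etl-01",
     "parent_cmdline": "java -cp app.jar:parquet-avro-1.15.0.jar com.example.Ingest",
     "image": "/bin/sh", "cmdline": "sh -c id"},
    {"event_type": "process_creation", "host": "etl-01",
     "parent_cmdline": "java -cp app.jar com.example.Other",
     "image": "/usr/bin/java", "cmdline": "java -version"},
    {"event_type": "network_connection", "host": "etl-01",
     "cmdline": "java -cp app.jar:parquet-avro-1.15.0.jar com.example.Ingest",
     "dest_ip": "203.0.113.10", "dest_port": 4444},
    {"event_type": "network_connection", "host": "etl-01",
     "cmdline": "java -cp app.jar:parquet-avro-1.15.0.jar com.example.Ingest",
     "dest_ip": "10.0.0.5", "dest_port": 9000},
    {"event_type": "app_log", "host": "etl-01",
     "message": "ERROR Ingest - java.lang.IllegalArgumentException: bad schema "
                "at org.apache.parquet.avro.AvroSchemaConverter.convert(...)"},
]

# Assumed destinations a Parquet processing host is expected to reach.
EXPECTED_DEST_NETS = [ipaddress.ip_network(n)
                      for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Child programs a JVM converting schemas has no reason to launch.
SUSPICIOUS_CHILDREN = {"sh", "bash", "dash", "zsh", "curl", "wget", "nc", "python", "perl"}


def is_parquet_process(cmdline):
    """Crude scoping: the command line mentions parquet (jar name, class, flag)."""
    return "parquet" in (cmdline or "").lower()


def check_process(ev):
    """Log indicator: unusual process spawning from a Parquet-processing JVM."""
    if ev.get("event_type") != "process_creation":
        return None
    if not is_parquet_process(ev.get("parent_cmdline")):
        return None
    child = os.path.basename(ev.get("image", ""))
    if child in SUSPICIOUS_CHILDREN:
        return ("parquet-jvm-spawned-shell", f"{child}: {ev.get('cmdline')}")
    return None


def check_network(ev):
    """Network indicator: outbound connection to a destination not on the allowlist."""
    if ev.get("event_type") != "network_connection":
        return None
    if not is_parquet_process(ev.get("cmdline")):
        return None
    dest = ipaddress.ip_address(ev["dest_ip"])
    if any(dest in net for net in EXPECTED_DEST_NETS):
        return None
    return ("parquet-jvm-unexpected-outbound", f"{dest}:{ev.get('dest_port')}")


def check_app_log(ev):
    """Log indicator: stack trace or schema-parsing error from parquet.avro."""
    if ev.get("event_type") != "app_log":
        return None
    msg = ev.get("message", "")
    if "org.apache.parquet.avro" in msg and "exception" in msg.lower():
        return ("parquet-avro-schema-exception", msg[:80])
    return None


def triage(events):
    """Run every check over every event; return one alert dict per hit."""
    alerts = []
    for ev in events:
        for check in (check_process, check_network, check_app_log):
            hit = check(ev)
            if hit:
                alerts.append({"rule": hit[0], "host": ev.get("host"), "detail": hit[1]})
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(f"[{a['rule']}] {a['host']}: {a['detail']}")
```

The schema-exception rule is informational on its own (malformed files also produce it); its value is as a correlation key, since a parquet.avro exception on the same host shortly before a shell spawn or an unexpected outbound connection is the sequence worth paging on.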
