
Critical RCE Vulnerability in Apache Parquet (CVE-2025-30065) – Advisory and Analysis

Endor Labs advisory: Critical CVE-2025-30065 in Apache Parquet lets attackers run code via schema parsing. Patch now by upgrading to version 1.15.1.

Written by Tom Gleason, VP of Customer Solutions, and Ron Harnik, VP Marketing at Endor Labs
Published on April 2, 2025


A critical security vulnerability has been discovered in Apache Parquet’s Java library, specifically in the parquet-avro module. The flaw, tracked as CVE-2025-30065, is classified as Deserialization of Untrusted Data (CWE-502) and carries the highest severity rating (CVSS 10.0, “Critical”). It affects data pipelines and analytics systems that read Parquet files, particularly when those files come from external or untrusted sources: an attacker who can supply, or tamper with, a file that the system will read can trigger the vulnerability.

Any application or service using Apache Parquet Java library versions 1.15.0 or earlier is believed to be vulnerable (our own data indicates that the flaw was introduced in version 1.8.0; however, current guidance is to review all historical versions). This includes systems that read Parquet files through popular big-data frameworks (e.g. Hadoop, Spark, Flink) and custom applications that bundle the Parquet Java code. If you are unsure whether your software stack uses Parquet, check with your vendors or developers; many data analytics and storage products include this library, often as a transitive dependency.

What Could Happen?

If an attacker can get a vulnerable system to read a specially crafted Parquet file, they could gain remote code execution (RCE) on that system, with the privileges of the process that parsed the file. In practice, this might allow them to:

  • Take control of the system: They could run any commands or software, effectively gaining control of the host.
  • Steal or tamper with data: Sensitive information could be accessed, copied, or modified.
  • Install malware: The attacker might deploy ransomware, cryptominers, or other malicious software.
  • Disrupt services: They could shut down services or corrupt data, causing denial of service and business downtime.

Confidentiality, integrity, and availability of the affected system are all at risk (in CVSS terms, “High” impact on all three). Despite the frightening potential, it is important to note that the vulnerability is only triggered when a malicious Parquet file is actually read and parsed by the vulnerable library; merely storing or transferring such a file does not reach the flaw.

Exploitation Status

As of early April 2025, there are no known reports of this vulnerability being exploited in the wild. However, the issue is now public knowledge, and given its severity, attackers may attempt to develop exploits. The absence of reported attacks should not delay urgent action: assume that exploitation is possible and mitigate promptly.

Immediate Actions – How to Protect Your Systems

  1. Upgrade Apache Parquet Java to 1.15.1 or later: This is the surest way to eliminate the risk. The Apache team has released version 1.15.1, which fixes the issue. Coordinate with your engineering teams or vendors to update every Parquet library dependency, including transitive ones pulled in by frameworks, to 1.15.1 or later. If you use a platform (such as a database or managed big-data service), check for its security updates addressing this CVE.
  2. Avoid or Validate Untrusted Parquet Files: Until you can patch, be extremely cautious with Parquet files from unknown or untrusted sources. Where possible, do not process files that came from outside your organization or whose origin is uncertain. For critical workflows where Parquet input is required, inspect files before they reach the vulnerable reader, for example by examining the schema and metadata stored in the file footer for anomalies. Do not perform that inspection with the vulnerable parquet-avro reader itself, since parsing the file with it is exactly what triggers the flaw.
  3. Enable Monitoring and Logging: Increase monitoring on systems that handle Parquet processing. Ensure that security logs capture unusual behavior: if a Parquet-processing service spawns a new process, makes unexpected outbound network connections, or loads unexpected classes or modules, that should trigger an alert. Early detection of suspicious activity can significantly reduce damage.
  4. Stay Informed and Apply Updates: Watch for further advisories from Apache or cybersecurity authorities, since guidance on this vulnerability may still evolve and additional patches might follow. Applying all recommended software updates (not just for Parquet) and following secure configuration practices will strengthen your defense.
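Steps 1 and 2 above can be scripted. The Python below is an added example written for this advisory, not code from Apache Parquet or Endor Labs. It flags parquet-avro versions below 1.15.1 in `mvn dependency:tree` output, and performs a quarantine check on a Parquet file's footer without ever loading the parquet-avro reader. It relies on the Parquet file layout (a `PAR1` magic at both ends and a 4-byte little-endian footer length just before the trailing magic) and on the `parquet.avro.schema` / `avro.schema` metadata keys under which parquet-avro stores the Avro schema. The three Avro properties it looks for (`java-class`, `java-key-class`, `java-element-class`) are the Avro reflect-data properties that make Avro load a class by name during schema parsing; this page does not name the exact trigger, so they are used here as an assumed indicator, not as a definition of the bug. The dependency tree, the Parquet bytes and the class name `com.example.Loader` are constructed for the example.

```python
"""Triage helpers for CVE-2025-30065 (added example; not Apache Parquet or Endor Labs code)."""
import re
import struct
from typing import List, Tuple

# First fixed release named in the advisory.
FIXED_VERSION = (1, 15, 1)

# Matches "[INFO] +- org.apache.parquet:parquet-avro:jar:1.15.0:compile" style lines
# as printed by `mvn dependency:tree`.
PARQUET_AVRO_DEP = re.compile(r"org\.apache\.parquet:parquet-avro:jar:([^:\s]+)")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Reduce '1.15.0' or '1.13.1-SNAPSHOT' to a comparable numeric triple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable_version(version: str) -> bool:
    """True for every parquet-avro release before 1.15.1 (i.e. 1.15.0 and earlier)."""
    return parse_version(version) < FIXED_VERSION


def vulnerable_parquet_avro_deps(dependency_tree: str) -> List[str]:
    """Return the parquet-avro versions in a Maven dependency tree that still need the upgrade."""
    return [v for v in PARQUET_AVRO_DEP.findall(dependency_tree) if is_vulnerable_version(v)]


# --- Quarantine check for files from untrusted sources ---------------------
MAGIC = b"PAR1"
# Current and legacy footer metadata keys under which parquet-avro stores the Avro schema.
AVRO_SCHEMA_KEYS = (b"parquet.avro.schema", b"avro.schema")
# Avro schema properties that make the reflect data model load a class by name when the
# schema is parsed. Assumed indicator only: the advisory does not name the exact trigger.
REFLECT_PROPERTIES = (b'"java-class"', b'"java-key-class"', b'"java-element-class"')


def read_footer(data: bytes) -> bytes:
    """Slice the footer out of a Parquet file using only the trailer (no parquet-avro reader)."""
    if len(data) < 12 or data[:4] != MAGIC or data[-4:] != MAGIC:
        raise ValueError("not a Parquet file (missing PAR1 magic)")
    (footer_len,) = struct.unpack("<I", data[-8:-4])  # little-endian length before trailing magic
    if footer_len > len(data) - 12:
        raise ValueError("footer length exceeds file size")
    return data[-8 - footer_len:-8]


def flag_reflect_schema(data: bytes) -> List[str]:
    """Return the reflect-data properties found in an embedded Avro schema, if any.

    A real footer is Thrift-compact FileMetaData, but the strings inside it are stored
    as raw UTF-8, so a byte scan works on real files. An empty list means nothing was
    found, not that the file is safe; upgrading the library remains the actual fix.
    """
    footer = read_footer(data)
    if not any(key in footer for key in AVRO_SCHEMA_KEYS):
        return []
    return [p.decode() for p in REFLECT_PROPERTIES if p in footer]


def build_sample_file(avro_schema_json: str) -> bytes:
    """Constructed stand-in for a Parquet file: real trailer layout, simplified footer body."""
    footer = b"\x00parquet.avro.schema\x00" + avro_schema_json.encode()
    return MAGIC + b"\x00" * 16 + footer + struct.pack("<I", len(footer)) + MAGIC


# Constructed samples (not real build output or real files).
SAMPLE_TREE = """[INFO] com.example:pipeline:jar:1.0
[INFO] +- org.apache.parquet:parquet-avro:jar:1.15.0:compile
[INFO] |  \\- org.apache.parquet:parquet-hadoop:jar:1.15.0:compile
[INFO] \\- org.apache.avro:avro:jar:1.11.4:compile
"""
BENIGN_SCHEMA = '{"type":"record","name":"Event","fields":[{"name":"id","type":"long"}]}'
REFLECT_SCHEMA = ('{"type":"record","name":"Event","fields":['
                  '{"name":"payload","type":"string","java-class":"com.example.Loader"}]}')

if __name__ == "__main__":
    print("vulnerable parquet-avro:", vulnerable_parquet_avro_deps(SAMPLE_TREE))
    print("benign file:", flag_reflect_schema(build_sample_file(BENIGN_SCHEMA)))
    print("suspicious file:", flag_reflect_schema(build_sample_file(REFLECT_SCHEMA)))
```

Run the version check against the output of `mvn dependency:tree` for every service that touches Parquet; a hit anywhere in the tree, including under Spark or Flink, means the upgrade applies. The footer scan is a stop-gap for quarantining inbound files while the upgrade rolls out: it never hands the bytes to the Java library, so it cannot itself trigger the flaw, but it only detects the indicator it was told about.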

“CVSS 10.0” sounds alarming, and this vulnerability is serious, but the actions above address it: upgrading and following security best practices will significantly reduce the risk. Our goal is to ensure you are aware of the issue and equipped to address it. If you have any questions or need assistance applying fixes or checks, our support and security teams are ready to help.

For Endor Labs customers:

While the EPSS score is currently low, we’ve seen in past cases that scores can escalate quickly. The latest EPSS risk data will be automatically reflected in your Endor Labs dashboard.

Let us know if you’d like help reviewing this or understanding exposure across your environments.
