CVE-2025-30065
Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue.
| CWE | CWE-502 |
| Vendor | apache software foundation |
| Product | apache parquet java |
| Published | Apr 1, 2025 |
| Last Updated | Feb 26, 2026 |
Affected Versions
Apache Software Foundation / Apache Parquet Java
0 ≤ 1.15.0
References
lists.apache.org: https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5
github.com: https://github.com/h3st4k3r/CVE-2025-30065/blob/main/POC-CVE-2025-30065-ParquetExploitGenerator.java
github.com: https://github.com/mouadk/parquet-rce-poc-CVE-2025-30065/blob/main/src/main/java/com/evil/GenerateMaliciousParquetSSRF.java
openwall.com: http://www.openwall.com/lists/oss-security/2025/04/01/1
news.ycombinator.com: https://news.ycombinator.com/item?id=43603091
bleepingcomputer.com: https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/
access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-30065
github.com: https://github.com/apache/parquet-java/pull/3169
Credits
Keyi Li (Amazon)