Critical Apache Parquet RCE Vulnerability Discovered (CVE-2025-30065)
2025-04-06
A critical remote code execution (RCE) vulnerability (CVE-2025-30065), with a CVSS score of 10.0, has been found in Apache Parquet versions up to and including 1.15.0. Attackers can exploit this flaw by using specially crafted Parquet files to gain control of systems. This affects a wide range of big data platforms, including Hadoop, AWS, and is used by companies like Netflix and Uber. Version 1.15.1 patches this issue; immediate upgrade is recommended. While no active exploitation has been reported, the risk is high due to the severity and widespread use of Parquet.