A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-30065, has been disclosed in Apache Parquet, a popular open-source columnar storage format used extensively in big data and analytics environments. The affected code is the parquet-avro module of the project's Java library (parquet-java), not the file format itself.
CVE-2025-30065 was assigned the maximum CVSS score of 10.0, the highest possible severity rating. CVSS captures both how easily a flaw can be exploited and the impact of a successful exploit, and arbitrary code execution triggered by nothing more than reading a file scores at the top of both.
The flaw stems from schema parsing in parquet-avro: untrusted data embedded in the file is deserialized insecurely, so a threat actor can execute arbitrary code on a vulnerable system that reads a specially crafted Parquet file. Exploitation therefore depends on getting such a file in front of a vulnerable reader, which usually means social engineering (convincing someone to open a malicious file) but also covers any pipeline that automatically ingests Parquet files from external parties; there is no network-exposed service to attack directly.
Parquet is widely used across cloud platforms and data processing frameworks. It has many notable users such as Netflix, Airbnb, Uber, and Slack, making the reach of this flaw particularly concerning.
The vulnerability affects Apache Parquet Java versions 1.15.0 and earlier and is fixed in version 1.15.1. Impacted users are urged to update as soon as possible and to avoid importing untrusted Parquet files until the update is complete.
Source: Bleeping Computer
Analysis
Because Parquet is often used in conjunction with data tools like Apache Spark, Apache Hive, Trino, and Presto, a successful attack could compromise sensitive analytics workflows and expose large volumes of data that reside on the underlying system. The exposure is specific to the parquet-avro module, however, so an environment is affected only where some component actually reads files through that module at an affected version; inventorying which tools bundle it, and at what version, is the first practical step. Fortunately, threat actors must first get a malicious Parquet file imported by a potential victim for exploitation to take place, which somewhat mitigates the threat.
Apache Parquet experienced a less severe but related vulnerability in 2021: CVE-2021-41561 was an improper input validation bug that allowed threat actors to cause a denial of service (DoS) with malicious Parquet files. That flaw does not appear to have been exploited in the wild, and hopefully the same ends up being true for CVE-2025-30065.
Mitigation
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in open-source utilities like Apache Parquet. Field Effect MDR users are automatically notified if a vulnerability is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly recommends that impacted users upgrade to the patched version (1.15.1 or later) as soon as possible, in accordance with the advisory, and avoid importing Parquet files from unknown sources until the update has been successfully completed. In general, users should scrutinize Parquet files from untrusted sources, including those arriving through automated ingestion pipelines, and only import them if there is a compelling business reason to do so.
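The two points above (a crafted file reaching a vulnerable reader is the whole attack, and untrusted files should be scrutinized before import) can be turned into a concrete pre-ingestion check. The following is an added example written for this page, not code from the original article or from the Apache Parquet project. It relies on three facts: a Parquet file starts and ends with the magic `PAR1`, with a 4-byte little-endian footer length just before the trailing magic and the Thrift-encoded footer before that; parquet-avro records the writer's Avro schema as JSON in the footer's key/value metadata under the key `parquet.avro.schema`; and Avro schemas may carry `java-class`, `java-key-class` and `java-element-class` properties that name a Java class for a value, which is the kind of type hint a reader must not resolve blindly. The scanner frames the file from its trailer, pulls out the embedded schema and flags any class named outside an assumed-benign set of `java.*` packages, without deserializing a single row. The byte-search approach (rather than a full Thrift decoder), the trusted-package list, the `com.example.Evil` class name and the stand-in files built by `make_sample` are all assumptions or constructed inputs, not anything taken from the advisory.

```python
"""Pre-ingestion triage for untrusted Parquet files (added example; not from the
original page or the Apache Parquet project).  Frames the file from its trailer,
pulls the Avro schema parquet-avro stores under "parquet.avro.schema", and reports
class-naming properties without deserializing rows.  Assumptions: a raw byte search
in the footer is enough for triage, and TRUSTED_PREFIXES are benign packages."""
import json
import struct
from dataclasses import dataclass, field

MAGIC = b"PAR1"
AVRO_SCHEMA_KEY = b"parquet.avro.schema"
# Avro properties that name a Java class for a value (string, map key, array element).
CLASS_PROPS = ("java-class", "java-key-class", "java-element-class")
# Assumed-benign packages; any other class named in a schema is reported.
TRUSTED_PREFIXES = ("java.lang.", "java.math.", "java.time.", "java.util.")


@dataclass
class ScanResult:
    ok: bool                 # True only for a well-formed trailer with nothing flagged
    reason: str = ""
    suspicious_classes: list = field(default_factory=list)  # (schema path, property, class)


def read_footer(data: bytes) -> bytes:
    """Locate the footer via the trailer; raise ValueError if the file is malformed."""
    if len(data) < 12 or data[:4] != MAGIC or data[-4:] != MAGIC:
        raise ValueError("missing PAR1 magic")
    (footer_len,) = struct.unpack("<I", data[-8:-4])
    if footer_len == 0 or footer_len > len(data) - 12:   # must fit between the magics
        raise ValueError(f"footer length {footer_len} out of range")
    return data[-8 - footer_len:-8]


def extract_avro_schema(footer: bytes):
    """Return the embedded Avro schema as parsed JSON, or None if there is none."""
    pos = footer.find(AVRO_SCHEMA_KEY)
    if pos < 0:
        return None
    text = footer.decode("latin-1")          # 1:1 byte/char mapping keeps offsets aligned
    decoder = json.JSONDecoder()
    idx = pos + len(AVRO_SCHEMA_KEY)
    while True:                              # Thrift header/length bytes after the key may
        start = text.find("{", idx)          # happen to be "{"; advance until JSON parses
        if start < 0:
            return None
        try:
            return decoder.raw_decode(text, start)[0]
        except json.JSONDecodeError:
            idx = start + 1


def find_class_props(node, path="$", found=None):
    """Walk a parsed Avro schema and collect every class-naming property, however nested."""
    if found is None:
        found = []
    if isinstance(node, dict):
        for prop in CLASS_PROPS:
            if prop in node:
                found.append((path, prop, str(node[prop])))
        for key, value in node.items():
            find_class_props(value, f"{path}.{key}", found)
    elif isinstance(node, list):             # unions and "fields" arrays
        for i, value in enumerate(node):
            find_class_props(value, f"{path}[{i}]", found)
    return found


def scan_parquet(data: bytes, trusted_prefixes=TRUSTED_PREFIXES) -> ScanResult:
    """Verdict for one file's bytes.  A malformed trailer is rejected outright."""
    try:
        footer = read_footer(data)
    except ValueError as exc:
        return ScanResult(False, f"malformed trailer: {exc}")
    schema = extract_avro_schema(footer)
    if schema is None:
        return ScanResult(True, "no embedded Avro schema")
    hits = [h for h in find_class_props(schema) if not h[2].startswith(trusted_prefixes)]
    if hits:
        return ScanResult(False, "Avro schema names classes outside trusted packages", hits)
    return ScanResult(True, "embedded Avro schema names no untrusted classes")


# --- constructed samples (not real Parquet files) so the scanner runs offline ---
def _varint(n: int) -> bytes:
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)


def make_sample(schema: dict) -> bytes:
    """Stand-in for a parquet-avro file: real trailer layout around a footer blob carrying
    the key/value pair as Thrift compact protocol lays out strings (header byte, varint
    length, UTF-8 bytes).  Not a valid FileMetaData; a real reader would reject it."""
    value = json.dumps(schema, separators=(",", ":")).encode()
    footer = (b"\x18" + _varint(len(AVRO_SCHEMA_KEY)) + AVRO_SCHEMA_KEY
              + b"\x18" + _varint(len(value)) + value + b"\x00")
    return MAGIC + b"\x00" * 16 + footer + struct.pack("<I", len(footer)) + MAGIC


BENIGN_SCHEMA = {"type": "record", "name": "Payment", "fields": [
    {"name": "amount", "type": {"type": "string", "java-class": "java.math.BigDecimal"}}]}
# "com.example.Evil" is a hypothetical class name standing in for attacker-chosen input.
EVIL_SCHEMA = {"type": "record", "name": "Payment", "fields": [
    {"name": "note", "type": {"type": "string", "java-class": "com.example.Evil"}}]}
```

Run `scan_parquet` over quarantined files before they reach any Parquet reader (`scan_parquet(open(path, "rb").read())`); a `False` verdict on a malformed trailer is deliberate, since a file that cannot even be framed correctly has no business in the pipeline. The check is a heuristic: a benign producer can legitimately emit `java-class` hints, and a full Thrift decode would be needed to rule out a coincidental substring match in the footer, so treat a hit as "inspect by hand" rather than proof of an attack. Upgrading to 1.15.1 remains the fix; this only buys a gate in front of readers that have not been patched yet.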