AI description
CVE-2025-30065 is a vulnerability in the Apache Parquet Java library, specifically within the parquet-avro module. It stems from insecure deserialization of untrusted data during schema parsing. This flaw affects Apache Parquet versions up to and including 1.15.0. Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution (RCE) on a vulnerable system. This can occur if a system is tricked into reading a specially crafted Parquet file. It is recommended to upgrade to version 1.15.1, which addresses the issue.
- Description
- Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- security@apache.org
- CWE-502
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
17
🚨 Vulnerabilidad crítica en Apache Parquet Java via 1.15.0 ⚠️ CVE-2025-30065 https://t.co/foqYNktm6w https://t.co/uWRXESReNr
@elhackernet
4 Apr 2025
1586 Impressions
2 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - bjornhels/CVE-2025-30065: PoC - https://t.co/WYOq1fwxjM
@piedpiper1616
4 Apr 2025
3752 Impressions
19 Retweets
52 Likes
13 Bookmarks
0 Replies
1 Quote
⚠️ A critical #vulnerability (CVE-2025-30065) in Apache Parquet's Java Library could allow remote code execution on vulnerable instances. This issue has a maximum CVSS score of 10.0 🤖 #flaw https://t.co/w7VTsPVylo
@manuelbissey
4 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability, CVE-2025-30065, in the Apache Parquet Java library could allow remote code execution, impacting systems that process untrusted Parquet files. With a CVSS score of 10.0, organizations must quickly upgrade to version 1.15.1 to avoid severe threats, incl...
@CybrPulse
4 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🗞️ Critical RCE Flaw in Apache Parquet Exposes Big Data Systems to Attack A max-severity RCE flaw (CVE-2025-30065) in Apache Parquet up to v1.15.0 threatens big data platforms like Hadoop and cloud services—upgrade to 1.15.1 ASAP to stay safe! There are no active exploits yet,
@gossy_84
4 Apr 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability designated CVE-2025-30065 has been discovered in Apache Parquet, with a CVSS score of 10.0, potentially allowing attackers to execute malicious code by leveraging vulnerable applications that process Parquet files. Admins are urged to apply the securit...
@CybrPulse
4 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
広く使用されているApache Parquetで最大の重大度のRCE脆弱性が発見される(CVE-2025-30065) https://t.co/qWOI5lHvkV #Security #セキュリティ #ニュース
@SecureShield_
4 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 CiberSeguridad en menos de 5 minutos 🧱 Apache Parquet vulnerable a RCE – CVE-2025-30065 permite ejecución remota al procesar archivos manipulados; afecta múltiples plataformas de big data. 🎭 Hunters International ahora es World Leaks – Se enfocan en extorsión sin cifrado, h
@Seifreed
4 Apr 2025
508 Impressions
2 Retweets
18 Likes
2 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2025-30065) in Apache Parquet allows remote code execution via crafted files. Affects versions up to 1.15.0; patched in 1.15.1. Risk to data pipelines is significant. ⚠️ #Apache #DataSecurity #USA link: https://t.co/kFP6D7Rejf https://t.co/nEjyRp9Iz
@TweetThreatNews
4 Apr 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A severe vulnerability in Apache Parquet's Java Library (CVE-2025-30065) has been disclosed, rated with a critical CVSS score of 10.0, allowing potential remote code execution through specially crafted Parquet files. While no known attacks have been reported yet, the risk is s...
@CybrPulse
4 Apr 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apache Parquet RCE脆弱性CVE-2025-30065 CVSS10.0信頼できないデータのデシリアライズに起因しており、バージョン 1.15.1 のリリースで修正されました。これは Parquet ファイルをインポートするすべてのデータ パイプラインと分析システムに影響を与える可能性があります。 https://t.co/Si6iFaoydR
@t_nihonmatsu
3 Apr 2025
198 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔴 Una vulnerabilidad de ejecución remota de código (RCE) de máxima gravedad (CVE-2025-30065) afecta hoy a todas las versiones de Apache Parquet hasta la 1.15.0 inclusive. 🧉 https://t.co/SebuB1aIX8
@MarquisioX
3 Apr 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30065 (CVSS 10): Critical Vulnerability Discovered in Apache Parquet Java https://t.co/a45n3sq4jz
@Dinosn
2 Apr 2025
2556 Impressions
8 Retweets
11 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-30065 ⚠️🔴 CRITICAL (10) 🏢 Apache Software Foundation - Apache Parquet Java 🏗️ 0 🔗 https://t.co/8DUwqaa4ab #CyberCron #VulnAlert #InfoSec https://t.co/0wDNbd69xT
@cybercronai
1 Apr 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-30065: CRITICAL] Apache Parquet 1.15.0 and earlier versions are vulnerable to arbitrary code execution due to a flaw in the parquet-avro module. Upgrade to version 1.15.1 for a fix.#cybersecurity,#vulnerability https://t.co/bulUKpWxv2 https://t.co/cI4YIHheZN
@CveFindCom
1 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes