Description

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.

INFO

Published Date :

2025-04-01T07:53:42.993Z

Last Modified :

2026-02-26T18:29:05.414Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2025-30065 vulnerability.

Vendors Products
Apache
  • Parquet
  • Parquet Java
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30065.

URL Resource
http://www.openwall.com/lists/oss-security/2025/04/01/1 cve-icon
https://access.redhat.com/security/cve/CVE-2025-30065 cve-icon
https://github.com/advisories/GHSA-2c59-37c4-qrx5 cve-icon
https://github.com/apache/parquet-java/pull/3169 cve-icon
https://github.com/h3st4k3r/CVE-2025-30065/blob/main/POC-CVE-2025-30065-ParquetExploitGenerator.java cve-icon cve-icon
https://github.com/mouadk/parquet-rce-poc-CVE-2025-30065/blob/main/src/main/java/com/evil/GenerateMaliciousParquetSSRF.java cve-icon cve-icon
https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 cve-icon cve-icon cve-icon
https://news.ycombinator.com/item?id=43603091 cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-30065 cve-icon
https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-30065 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact