Summary: A critical remote code execution (RCE) vulnerability (CVE-2025-30065) has been found in all versions of Apache Parquet up to 1.15.0, potentially allowing attackers to execute arbitrary code through specially crafted Parquet files. The flaw, due to unsafe deserialization of untrusted data, poses a severe threat, especially to big data environments. Users are advised to upgrade to version 1.15.1, which addresses this vulnerability.
Affected: Apache Parquet
Key points:
- Severity: CVSS v4 score of 10.0, indicating maximum severity.
- The vulnerability allows RCE if a maliciously crafted Parquet file is imported.
- High risk for big data and analytics systems that take in data from external sources.
- Upgrading to version 1.15.1 is strongly recommended to mitigate the vulnerability.
- Increased monitoring and validation of Parquet files is suggested if an immediate upgrade is not possible.
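
To prioritise the upgrade, it helps to know which hosts still carry a release below 1.15.1. The following is an added example, not part of the original advisory: it inventories Parquet jars by filename and flags affected versions. Maven-style jar names and the sample file names are assumptions.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 15, 1)  # first fixed release named in the advisory

# Assumption: jars keep Maven-style names such as parquet-avro-1.15.0.jar.
# Parquet classes shaded into an application "uber" jar are not seen by this check.
JAR_RE = re.compile(
    r"^(parquet-[a-z-]+?)-(\d+(?:\.\d+){1,2})([.-][A-Za-z0-9.-]+)?\.jar$"
)

def classify(jar_name):
    """Return (artifact, version, status) for a Parquet jar name, else None."""
    m = JAR_RE.match(jar_name)
    if m is None:
        return None
    nums = [int(p) for p in m.group(2).split(".")]
    version = tuple(nums + [0] * (3 - len(nums)))
    if version < FIXED:
        status = "vulnerable"
    elif m.group(3):
        # Pre-release or vendor rebuild of a fixed version: confirm by hand.
        status = "review"
    else:
        status = "fixed"
    return m.group(1), m.group(2) + (m.group(3) or ""), status

def scan(root):
    """Yield (path, artifact, version, status) for every Parquet jar under root."""
    for path in sorted(Path(root).rglob("*.jar")):
        result = classify(path.name)
        if result:
            yield (str(path), *result)

if __name__ == "__main__":
    # Constructed sample names, used when no directory is given.
    if len(sys.argv) > 1:
        findings = list(scan(sys.argv[1]))
    else:
        samples = ["parquet-avro-1.15.0.jar", "parquet-hadoop-1.15.1.jar",
                   "parquet-column-1.15.1-SNAPSHOT.jar", "avro-1.11.3.jar"]
        findings = [(n, *classify(n)) for n in samples if classify(n)]
    for path, artifact, version, status in findings:
        print(f"{status:10} {artifact} {version}  {path}")
    sys.exit(1 if any(f[3] == "vulnerable" for f in findings) else 0)
```

Run it with a directory argument (for example an application's `lib` folder); the exit code is 1 when any jar below 1.15.1 is found, so it can gate a deployment job.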