Full Report
A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances. Apache Parquet is a free and open-source columnar data file format that's designed for efficient data processing and retrieval, providing support for complex data, high-performance
Analysis Summary
# Vulnerability: Critical Remote Code Execution in Apache Parquet Avro Module
## CVE Details
- CVE ID: CVE-2025-30065
- CVSS Score: 10.0 (Critical)
- CWE: Not specified in the source text (likely insecure deserialization or improper input validation during schema parsing)
## Affected Systems
- Products: Apache Parquet Java Library (specifically the `parquet-avro` module)
- Versions: All versions up to and including 1.15.0
- Configurations: Systems that process or import Parquet files, especially those sourced from external or untrusted locations.
## Vulnerability Description
This critical vulnerability resides in the schema parsing mechanism within the `parquet-avro` module of the Apache Parquet Java Library. A remote attacker can exploit this flaw by tricking a susceptible system into reading a specially crafted Parquet file. Successful exploitation leads to arbitrary code execution on the compromised instance.
## Exploitation
- Status: No in-the-wild exploitation reported as of the report date; the critical rating still makes it high risk.
- Complexity: Low (requires tricking the system into reading a malicious file).
- Attack Vector: Network (via delivery of the malicious file).
## Impact
- Confidentiality: High (Remote Code Execution allows access to system data).
- Integrity: High (Remote Code Execution allows modification of data/systems).
- Availability: High (Remote Code Execution can lead to service disruption or system compromise).
## Remediation
### Patches
- Apache Parquet has released version **1.15.1** which addresses this vulnerability.
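As an added example (not from the advisory or the Parquet project), a Python check that flags a `parquet-avro` dependency below the fixed release in `mvn dependency:list` output. The sample output lines are constructed, and the Maven coordinate `org.apache.parquet:parquet-avro` is assumed to be the affected module's artifact.

```python
import re

# Affected Maven coordinate and fixed release per the advisory (<= 1.15.0 is affected).
VULN_GROUP, VULN_ARTIFACT = "org.apache.parquet", "parquet-avro"
FIXED_VERSION = "1.15.1"

# Coordinate token on `mvn dependency:list` lines, e.g.
# "[INFO]    org.apache.parquet:parquet-avro:jar:1.14.0:compile"
DEP_LINE = re.compile(r"^\[INFO\]\s+(\S+:\S+)")


def version_key(version: str) -> tuple:
    """Sort key for Maven-style versions so that 1.9.0 < 1.15.0 < 1.15.1.
    A plain string compare gets this wrong ("1.9.0" > "1.15.1"); a qualifier
    such as -SNAPSHOT or -rc1 is treated as a pre-release of that number."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-.]([0-9A-Za-z]+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # "1.15" -> (1, 15, 0)
    qualifier = m.group(2)
    return nums + ((1, "") if qualifier is None else (0, qualifier.lower()))


def is_vulnerable(version: str) -> bool:
    """True for any parquet-avro release older than the fixed version."""
    return version_key(version) < version_key(FIXED_VERSION)


def scan_dependency_list(lines) -> list:
    """Return (version, line) for each vulnerable parquet-avro entry."""
    findings = []
    for line in lines:
        m = DEP_LINE.match(line)
        if not m:
            continue
        fields = m.group(1).split(":")  # group:artifact:type[:classifier]:version:scope
        if len(fields) < 5:
            continue
        group, artifact, version = fields[0], fields[1], fields[-2]
        if (group, artifact) == (VULN_GROUP, VULN_ARTIFACT) and is_vulnerable(version):
            findings.append((version, line.strip()))
    return findings


# Constructed sample of `mvn dependency:list` output (illustration only, not real output).
SAMPLE_OUTPUT = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.parquet:parquet-avro:jar:1.9.0:compile
[INFO]    org.apache.parquet:parquet-hadoop:jar:1.9.0:compile
[INFO]    org.apache.avro:avro:jar:1.11.3:compile
""".splitlines()
```

Feed the real `mvn dependency:list` output of each service into `scan_dependency_list`; a non-empty result means that build still pulls an affected `parquet-avro` and needs the 1.15.1 upgrade.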
### Workarounds
- The primary control is to ensure that Parquet files are only read from trusted sources. Avoid importing Parquet files from external or untrusted providers.
## Detection
- **Indicators of Compromise:** Unusual process execution originating from data-processing services that handle Parquet files, especially immediately after a file is ingested.
- **Detection Methods and Tools:** Implement strict validation of incoming Parquet files or restrict file ingestion to highly audited pipelines.
## References
- Vendor Advisory: The project maintainers' advisory (no URL given in the source text).
- Relevant links:
  - https://nvd.nist.gov/vuln/detail/CVE-2025-30065
  - https://endorlabs.com/learn/critical-rce-vulnerability-in-apache-parquet-cve-2025-30065---advisory-and-analysis
  - https://thehackernews.com/2025/04/critical-flaw-in-apache-parquet-allows-remote-attackers-to-execute-arbitrary-code.html (original article URL)