Full Report
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. [...]
Analysis Summary
# Vulnerability: Critical RCE in Apache Parquet via Schema Parsing
## CVE Details
- CVE ID: CVE-2025-30065
- CVSS Score: 10.0 (Critical) - *Inferred based on RCE severity and lack of specific CVSS in source, using maximum severity.*
- CWE: Not explicitly listed, but relates to improper input validation leading to arbitrary code execution.
## Affected Systems
- Products: Apache Parquet (parquet-avro module)
- Versions: 1.15.0 and all earlier releases (the vulnerability is believed to have been introduced in 1.8.0 or later).
- Configurations: Any data pipelines and analytics systems that import untrusted Parquet files.
## Vulnerability Description
A critical Remote Code Execution (RCE) vulnerability exists in the schema parsing logic within the `parquet-avro` module of Apache Parquet. An attacker can craft a malicious Parquet file which, when parsed or imported by a vulnerable system, allows the attacker to execute **arbitrary code** remotely on the affected system.
## Exploitation
- Status: Not exploited in the wild (as of the article date).
- Complexity: Assumed Medium/High, as it requires a specially crafted file input to trigger the RCE.
- Attack Vector: Network (via delivery of a malicious file) leading to Remote Code Execution.
## Impact
- Confidentiality: High (Potential for full system compromise)
- Integrity: High (Potential for full system compromise)
- Availability: High (Potential for system takeover or denial of service)
## Remediation
### Patches
- **Upgrade to Apache Parquet version 1.15.1 or later**, which contains the fix for CVE-2025-30065.
### Workarounds
- Avoid importing or processing Parquet files sourced from untrusted locations.
- Carefully validate the safety and provenance of all external Parquet files before processing them in production systems.
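As an added example (not part of the original advisory), the following script checks a build's resolved dependencies for Apache Parquet artifacts still below the fixed 1.15.1 release. It assumes the `groupId:artifactId:type[:classifier]:version:scope` line format printed by `mvn dependency:list`; the sample output is constructed, and every `org.apache.parquet` artifact is reported, not only `parquet-avro`, on the assumption that a build moves the whole library to 1.15.1 together.

```python
import re

# Per the advisory: fixed in 1.15.1; every earlier release is treated as affected.
FIXED_VERSION = (1, 15, 1)

# One "groupId:artifactId:type[:classifier]:version:scope" line as printed by
# `mvn dependency:list` (assumed format). The version must start with a digit so
# an optional classifier such as "tests" is not mistaken for it.
LINE_RE = re.compile(
    r"org\.apache\.parquet:([\w.-]+):[\w.-]+(?::[A-Za-z][\w.-]*)?:(\d[^:\s]*):"
)


def parse_version(text):
    """'1.15.0' -> (1, 15, 0); qualifiers such as '-SNAPSHOT' are dropped."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version):
    """True when the Parquet version is below the fixed 1.15.1 release."""
    return parse_version(version) < FIXED_VERSION


def find_vulnerable_parquet(dependency_list):
    """Return [(artifact, version)] for each org.apache.parquet artifact below 1.15.1."""
    hits = []
    for line in dependency_list.splitlines():
        m = LINE_RE.search(line)
        if m and is_vulnerable(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


# Constructed sample of `mvn dependency:list` output (not from a real build).
SAMPLE = """[INFO] The following files have been resolved:
[INFO]    org.apache.parquet:parquet-avro:jar:1.15.0:compile
[INFO]    org.apache.parquet:parquet-hadoop:jar:1.15.0:compile
[INFO]    org.apache.parquet:parquet-column:jar:tests:1.15.0:test
[INFO]    org.apache.parquet:parquet-format-structures:jar:1.15.1:compile
[INFO]    org.apache.avro:avro:jar:1.11.4:compile
"""

if __name__ == "__main__":
    for artifact, version in find_vulnerable_parquet(SAMPLE):
        print(f"upgrade {artifact} {version} -> 1.15.1 (CVE-2025-30065)")
```

Transitive dependencies appear in the same listing, so a project that never declares `parquet-avro` directly is still checked.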
## Detection
- **Indicators of Compromise (IoC):** Look for unusual process execution spawned by data-processing services that handle Parquet imports, particularly immediately after such a file has been ingested.
- **Detection Methods and Tools:** Increase monitoring and logging on systems responsible for Parquet file processing, paying close attention to system calls and unexpected network activity originating from these processes.
## References
- Vendor Advisory (Bulletin): hXXps://www.openwall.com/lists/oss-security/2025/04/01/1
- Endor Labs Advisory: hXXps://www.endorlabs.com/learn/critical-rce-vulnerability-in-apache-parquet-cve-2025-30065---advisory-and-analysis