CVE-2025-30065
Published Apr 1, 2025
Last updated 10 months ago
AI description
CVE-2025-30065 is a vulnerability in the Apache Parquet Java library, specifically within the parquet-avro module. It stems from insecure deserialization of untrusted data during schema parsing. This flaw affects Apache Parquet versions up to and including 1.15.0. Successful exploitation of this vulnerability could allow an attacker to achieve remote code execution (RCE) on a vulnerable system. This can occur if a system is tricked into reading a specially crafted Parquet file. It is recommended to upgrade to version 1.15.1, which addresses the issue.
- Description
- Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- parquet_java
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@apache.org
- CWE-502
- Hype score
- Not currently trending
【13-year-old ActiveMQ bug now exploited for remote code execution】 Apache ActiveMQに13年前から存在していた脆弱性(CVE-2025-30065)が、現在実際に悪用されていると報じられています。 特定条件下でリモートから任意コマンド
@01ra66it
9 Apr 2026
359 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Critical: CVE-2025-30065 , Parquet / parquet-avro RCE. Details & checklist ➡️ https://t.co/OxXSlF1g17 #CVE2025 #ApacheParquet #AppSec https://t.co/PkWJyl2ZL1
@xygeni
16 Oct 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30065 Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue. Github link: https://t.co/hmGO9uiCIx
@PoC_in_Github
19 Jul 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Major vulnerabilities have been identified in IBM's Db2 and Tivoli Monitoring software. The critical CVE-2025-30065 in Db2 can allow attackers to execute malicious code, raising urgent security concerns for users. It's essential for organizations using these systems to priorit...
@CybrPulse
30 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apache Parquet flaw CVE-2025-30065 gets public exploit, exposing servers as new tool makes detection of vulnerable systems easy. #CyberSecurity #ParquetExploit #CVE202530065 https://t.co/hDkhrMeagD
@CyberSecTV_eu
22 May 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Parquet (up to version 1.15.0) has a super dangerous bug - CVE-2025-30065 - rated 10 out of 10. If your system reads a specially crafted Parquet file using the parquet-avro module, it could run malicious code without warning. https://t.co/26YdGUDCdu #dataengineering
@luminousmen
15 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical CVE-2025-30065 Apache Parquet Exploit Tool Unleashed! Read The Full Article Here: https://t.co/JT1ziNth4v #CVE202530065 #ApacheParquetExploit #CyberSecurity #RCEVulnerability #InfoSec #ExploitTool #TechNews #DataSecurity #BigDataThreats #CyberThreats https://t.co/za8IL
@technijian_
12 May 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Parquet Javaの脆弱性(CVE-2025-30065)の検証・検出ツールをF5 Labsが公開 #セキュリティ対策Lab #セキュリティ #Security https://t.co/X7Ahjcz7zT
@securityLab_jp
8 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Apache Parquet Vulnerability #CVE-2025-30065: Critical Risk and Exploitation Insights https://t.co/E8SfUGC90F
@UndercodeNews
7 May 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Apache Parquet flaw can lead to remote code execution CVE-2025-30065 lets attackers exploit Java deserialization in Parquet files. Use F5’s test tool & update to 1.15.1+ ASAP. https://t.co/xXA29ZdsIr #CVE202530065 #JavaSecurity #apache https://t.co/yI2nFQu6Do
@dCypherIO
7 May 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A proof-of-concept exploit tool has been released for the critical Apache Parquet vulnerability (CVE-2025-30065), allowing easy detection of vulnerable servers. #CyberSecurity #ApacheParquet https://t.co/nAqerOShOy
@Cyber_O51NT
7 May 2025
338 Impressions
3 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Parquetのエクスプロイトツールが重大な脆弱性を持つサーバーを検出(CVE-2025-30065) https://t.co/Q9lyw9Gogw #Security #セキュリティ #ニュース
@SecureShield_
7 May 2025
280 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Apache Parquet Exploit Tool Detects Servers Vulnerable to Critical Flaw (#CVE-2025-30065) https://t.co/PThBvfwwKT Educational Purposes!
@UndercodeUpdate
6 May 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Parquetの深刻な脆弱性(CVE-2025-30065)に対する概念実証ツールがF5 Labsにより公開された。これは、既存のPoCが機能しないことを受けて開発されたもので、脆弱なサーバを特定する手段となる。 問題はParquet
@yousukezan
6 May 2025
2675 Impressions
4 Retweets
18 Likes
4 Bookmarks
0 Replies
0 Quotes
F5 Labs released an exploit tool for the CVE-2025-30065 Apache Parquet vulnerability, enhancing identification of affected servers. This deserialization flaw affects versions up to 1.15.0. Upgrade to 15.1.1 or later for security. #Security https://t.co/MqWzFuEXi5
@Strivehawk
6 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in Apache Parquet (CVE-2025-30065) has been uncovered. F5 Labs released a tool to identify affected servers, highlighting risks in environments processing unverified files. 📊🔒 #ApacheParquet #F5Labs #USA link: https://t.co/ATCg7scByv https://t.co/E
@TweetThreatNews
6 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#cyberNEWS A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. https://t.co/fOpe14vD9Z
@CyberSysblue
6 May 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2025-30065) in Apache Parquet has been exposed with a proof-of-concept exploit tool, enabling easy detection of affected servers. Stay informed on this serious security issue and learn how to protect your systems. Read more: https://t.co/CQoTFn3HRn
@trubetech
6 May 2025
20 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📌 أُطلق أداة استغلال لتجاوز ثغرة حرجة في Apache Parquet، المسجلة تحت رقم CVE-2025-30065، مما يسهل اكتشاف الخوادم الضعيفة. تُعتبر هذه الثغرة ذات شدة قصوى وتتيح فرص هجو
@Cybercachear
6 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Parquet files power Big Data & Cloud, but new vulnerabilities like CVE-2025-30065 mean security is a must! Learn about risks, mitigations, and how to validate your Parquet data in my latest article via @DZoneInc. #CloudSecurity #BigData https://t.co/qVks1ANfLM
@morusu_v
24 Apr 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30065
@transilienceai
20 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A critical vulnerability (CVE-2025-30065) in the Apache Parquet's parquet-avro module poses a significant risk, allowing attackers to execute arbitrary code through maliciously crafted Parquet files. Major organizations using Parquet for data processing could face severe conse...
@CybrPulse
16 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A critical vulnerability (CVE-2025-30065) in the Apache Parquet's parquet-avro module poses a significant risk, allowing attackers to execute arbitrary code through maliciously crafted Parquet files. Major organizations using Parquet for data processing could face severe conse...
@CybrPulse
15 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical vulnerabilities (CVE-2025-24859 and CVE-2025-30065, both with a CVSS score of 10) threaten the securities of systems using Apache Roller and Apache Parquet. Apache Roller allows unauthorized access even after password changes due to a session management flaw, whil...
@CybrPulse
15 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CRITICAL SECURITY ALERT 🚨 Apache Parquet Java library contains a severe Remote Code Execution vulnerability (CVE-2025-30065) discovered on April 2, 2025. The flaw in the parquet-avro module allows attackers to execute arbitrary code on affected systems. If you're using http
@ThreatRadarAI
14 Apr 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL SECURITY ALERT🚨 Apache Parquet Java library contains a severe Remote Code Execution vulnerability(CVE-2025-30065) discovered on April 2, 2025. The flaw in the parquet-avro module allows attackers to execute arbitrary code on affected systems. #ApacheParquet #CVE #RCE
@ThreatRadarAI
14 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-30065
@transilienceai
12 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-30065
@transilienceai
11 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Measured analysis of Apache Parquet CVE-2025-30065 by @the_emmons: "Feels like a clever red team exploit....it requires expertise and time to weaponize, and RCE isn’t a sure thing even if you do get a Parquet file deserialized by a vulnerable instance." https://t.co/h9lZ4XrUjG
@catc0n
11 Apr 2025
927 Impressions
6 Retweets
20 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨 Massive new risk for data systems! CVE-2025-30065 | Apache Parquet Java lib flaw (CVSS 10.0) lets attackers execute arbitrary code via poisoned files. If your pipelines touch untrusted Parquet files, patch NOW. https://t.co/Z02g16z5eD
@achi_tech
8 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Nueva vulnerabilidad: CVE-2025-30065 en la librería Java de Apache Parquet (CVSS 10.0) permite a atacantes ejecutar código arbitrario a través de ficheros manipulados. Si tus pipelines procesan archivos Parquet de fuentes no confiables, parchea. Más info aquí:
@Cyph3R_CyberSec
7 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache Parquetで重大な脆弱性、対象者はアップデートを(CVE-2025-30065) #セキュリティ対策Lab #セキュリティ #Security https://t.co/L2iK6W67hR
@securityLab_jp
7 Apr 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
こんばんは、いかがお過ごしでしょうか「今宵のサイバーセキュリティーについて気になること」情シス部門のゼロトラスト導入に向けて#7 改善活動について考えてみよう、Oracle社が情報漏洩を隠蔽しようとした疑惑、Apache Parquet RCE脆弱性CVE-2025-30065 CVSS10.0 などをお伝えします。 https://t.co/MUuyS6aGAo
@t_nihonmatsu
6 Apr 2025
1981 Impressions
1 Retweet
10 Likes
0 Bookmarks
1 Reply
1 Quote
Guidance for handling CVE-2025-30065 using Microsoft Security capabilities https://t.co/zWtJ8191S0 #Microsoft #techcommunity
@MSITTechNews
6 Apr 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2025-2748: XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS https://t.co/bMnlsnb4Vd 2. CVE-2025-44228: AnyDesk RCE PoC https://t.co/vGlZNwGVFD 3. CVE-2025-30065: Apache Parquet RCE https://t.co/0uZP5a053F
@ksg93rd
6 Apr 2025
622 Impressions
2 Retweets
11 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-30065 Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrad… https://t.co/vBDcnQHrMI
@CVEnew
5 Apr 2025
528 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilidade Crítica no Apache Parquet e Ataques a Servidores Tomcat 1. Vulnerabilidade no Apache Parquet (CVE-2025-30065): - Gravidade: CVSS 10.0 (crítica). - Impacto: Permite execução remota de código arbitrário via arquivos Parquet maliciosos.
@pedroco53915492
5 Apr 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical security alert for Apache Parquet users! A new max-severity flaw (CVE-2025-30065) could let attackers execute arbitrary code. Patch to version 1.15.1 immediately! https://t.co/ORamrFK2dw https://t.co/PUUdHZ34Sg
@troyCyber_
5 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. The vulnerability is tracked under CVE-2025-30065 and has a CVSS v4 score of 10.0. https://t.co/R1BMRjM38d https://t.co/Ih0PtvYHT7
@riskigy
5 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30065 : ข้อบกพร่อง RCE ความรุนแรงสูงสุดที่ค้นพบในปาร์เก้ Apache ที่ใช้กันอย่างแพร่หลาย https://t.co/MiSlPj6Vin
@freedomhack101
5 Apr 2025
11 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30065 impacts Apache Parquet #ApacheParaquet #CVE-2025-30065 https://t.co/NAourLz3Zz
@pravin_karthik
5 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A maximum severity RCE vulnerability (CVSS 10.0) has been discovered, impacting all versions of Apache Parquet <= v1.15.0. CVE-2025-30065 https://t.co/oR9IowMESz
@t3l3machus
5 Apr 2025
827 Impressions
5 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
ثغرة جديدة على Apache Parquet CVE-2025-30065 نوعها RCE و مستوى الخطورة 10 🔥 وكل الاصدارات الى 1.15.0 مصابة تم إغلاق الثغرة في تحديث 1.15.1 التحديث مهم جدا https://t.co/hUHQ32aOzV
@HereHuss
5 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Vulnerabilidad crítica en Apache Parquet Java via 1.15.0 ⚠️ CVE-2025-30065 https://t.co/foqYNktm6w https://t.co/uWRXESReNr
@elhackernet
4 Apr 2025
1714 Impressions
3 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - bjornhels/CVE-2025-30065: PoC - https://t.co/WYOq1fwxjM
@piedpiper1616
4 Apr 2025
5020 Impressions
22 Retweets
60 Likes
18 Bookmarks
0 Replies
1 Quote
⚠️ A critical #vulnerability (CVE-2025-30065) in Apache Parquet's Java Library could allow remote code execution on vulnerable instances. This issue has a maximum CVSS score of 10.0 🤖 #flaw https://t.co/w7VTsPVylo
@manuelbissey
4 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability, CVE-2025-30065, in the Apache Parquet Java library could allow remote code execution, impacting systems that process untrusted Parquet files. With a CVSS score of 10.0, organizations must quickly upgrade to version 1.15.1 to avoid severe threats, incl...
@CybrPulse
4 Apr 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🗞️ Critical RCE Flaw in Apache Parquet Exposes Big Data Systems to Attack A max-severity RCE flaw (CVE-2025-30065) in Apache Parquet up to v1.15.0 threatens big data platforms like Hadoop and cloud services—upgrade to 1.15.1 ASAP to stay safe! There are no active exploits yet,
@gossy_84
4 Apr 2025
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability designated CVE-2025-30065 has been discovered in Apache Parquet, with a CVSS score of 10.0, potentially allowing attackers to execute malicious code by leveraging vulnerable applications that process Parquet files. Admins are urged to apply the securit...
@CybrPulse
4 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
広く使用されているApache Parquetで最大の重大度のRCE脆弱性が発見される(CVE-2025-30065) https://t.co/qWOI5lHvkV #Security #セキュリティ #ニュース
@SecureShield_
4 Apr 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:parquet_java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4B22E1-F482-470E-B3D5-12D6E8C4DF0F",
"versionEndExcluding": "1.15.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]