CVE-2025-30065: Apache Parquet RCE via Schema Parsing

Score: 10
CRITICAL
Published: 2025-04-01Affected: Apache Parquet Java ≀ 1.15.0CWE-502 β†—

Can Apache Parquet files contain malware?

A critical deserialization vulnerability in Apache Parquet's Java library. Maliciously crafted Parquet files trigger arbitrary code execution when their schemas are parsed, affecting any data pipeline or analytics platform processing Parquet data.

Impact & Exploitation

CVSS 10.0. Affects virtually every big data platform (Spark, Hadoop, Flink, Hive). A single malicious Parquet file can compromise an entire data lake or analytics cluster.

Related Resources

πŸ” Related CWE Entries

πŸ“‹ OWASP Top 10

πŸ“– Security Guides

πŸ›‘οΈ Notable Vulnerabilities

πŸ”— External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS10
SeverityCRITICAL
CWECWE-502
Published2025-04-01

Tags

big-datadeserializationjavarce

Quick Links

Is your system affected?

Precogs AI detects Apache Parquet RCE via Schema Parsing in compiled binaries and firmware β€” even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2025-30065 Apache Parquet RCE via Schema Parsing don’t just exist in source code β€” they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack β€” even when source code isn’t available.

Request Deep AnalysisBook a demo