A critical remote code execution (RCE) vulnerability has been detected in all versions of Apache Parquet up to version 1.15.0, posing a severe risk to systems worldwide.
Overview of the Vulnerability
This vulnerability arises from the deserialization of untrusted data, enabling threat actors to leverage specially crafted Parquet files to manipulate or gain control of affected systems. Such breaches may result in data theft, service disruptions, or the injection of malicious software, such as ransomware.
Identified as CVE-2025-30065, this flaw has received the highest severity score of 10.0 on the CVSS v4 scale, and was promptly addressed in Apache Parquet version 1.15.1.
Implications for Data-Intensive Sectors
Apache Parquet is widely embraced within the engineering and data analytics communities for its efficient data processing capabilities in columnar format. Its adoption spans across leading platforms, including Hadoop, major cloud services, and numerous data lake and ETL tools.
- High-profile enterprises like Netflix, Uber, Airbnb, and LinkedIn depend on Parquet for their data operations.
This vulnerability disclosure, originally made on April 1, 2025 by Amazon researcher Keyi Li, was intended to alert the community and prevent potential exploits.
Risk and Prevention
According to Endor Labs, the vulnerability affects any data processing system that imports Parquet files, especially from external sources, thus intensifying the risk.
Their analysis suggests the vulnerability has been present since version 1.8.0, and older versions might also be vulnerable. They recommend thorough checks with developers and system vendors to identify the software stacks’ affected versions.
Despite the critical nature of this RCE vulnerability, active exploitations have not been reported. However, systems administrators are urged to upgrade to Apache Parquet version 1.15.1 immediately to alleviate risks.
In instances where immediate upgrading is not feasible, it’s advisable to exercise extreme caution with Parquet files of unknown origin, validate their integrity thoroughly, and enhance system monitoring and logging.
Delve into the Red Report 2025, presenting a comprehensive analysis of common cyberattack strategies based on a study covering 14 million malicious actions.
Related: 5 Alarming Ways Fake AI and Business Tools are Deploying Backdoors into Your System
Last Updated: April 3, 2025
