Max severity RCE flaw discovered in widely used Apache Parquet

Max severity RCE flaw discovered in widely used Apache Parquet

A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.

Significant big data environment risk likely with maximum severity Apache Parquet bug

BleepingComputer reports that Amazon Web Services, Google, Microsoft Azure, Hadoop, and other big data platforms could be subjected to significant compromise through the exploitation of a maximum-severity remote code execution vulnerability impacting the widely used open-source columnar storage format Apache Parquet, tracked as CVE-2025-30065. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using…

If big data systems use the open source file format Apache Parquet when processing data, attacks may be imminent.

Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code

A high-risk vulnerability CVE-2025-30065 (CVSS 10) was found in the Apache Parquet Java library, which can lead to remote code execution; it affects versions 1.15.0 and below and has been fixed in 1.15.1; it was discovered by Amazon employees; vulnerabilities in other Apache projects are frequently exploited.