Max severity RCE flaw discovered in widely used Apache Parquet

A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. The problem stems from the deserialization of untrusted data that could allow attackers with specially crafted Parquet files to gain control of target systems, exfiltrate or modify data, disrupt services, or introduce dangerous payloads such as ransomware. The vulnerability is tracked under CVE-2025-30065 and has a CVSS v4 score of 10.0. The flaw was fixed with the release of Apache version 1.15.1. It should be noted that to exploit this flaw, threat actors must convince someone to import a specially crafted Parquet file. Severe threat to "big data" environments Apache Parquet is an open-source, columnar storage format designed for efficient data processing. Unlike row-based formats (like CSV), Parquet stores data by columns, which makes it faster and more space-efficient for analytical workloads. It is widely adopted across the dat ... Read full article.