Critical Security Flaw Resolved in Apache Parquet

A significant security vulnerability has been addressed in Apache Parquet, an open-source file format widely utilized in big data systems for efficient data storage and querying. A newly released security patch is now available for download.

The flaw, classified as CVE-2025-30065, was identified in version 1.15.1 of the software, with earlier versions remaining susceptible. This vulnerability has been rated as 'critical,' receiving a maximum Common Vulnerability Scoring System (CVSS) score of 10 out of 10. It specifically impacts the parquet-avro module of the Apache Parquet Java library.

According to security researchers from Endor Labs, attackers can exploit this vulnerability by using specially crafted files. Due to insufficient validation processes, these files are processed, allowing malicious code to infiltrate systems. Once this occurs, attackers can install malware and potentially take full control of affected computers.

All applications leveraging Apache Parquet are believed to be at risk, including systems processing Parquet files in conjunction with big data frameworks like Hadoop or Spark. System administrators are strongly advised to verify their usage of Apache Parquet.

Currently, there have been no reported attacks exploiting this vulnerability. However, given its critical classification, it is imperative for administrators to install the security update promptly. If immediate installation is not feasible, monitoring and logging of Parquet file processing should be strictly enforced to mitigate potential risks.