- Researchers claim that Apache Parquet carried a maximum-severity flaw
- It allows threat actors to run arbitrary code
- A patch was released and users are encouraged to apply it
Apache Parquet, a columnar storage file format, carried a maximum-severity vulnerability that allowed threat actors to run arbitrary code on affected endpoints.
Parquet is a columnar storage file format optimized for efficient data storage and processing, often used in big data and analytics workloads, with Amazon, Google, Microsoft and Meta just some of the big companies that use it.
The flaw, discovered on April 1, 2025, by Amazon security researcher Keyi Li, is now tracked as CVE-2025-30065 and has a maximum severity score of 10/10 (critical).
Patch and mitigation
“Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code,” reads a brief description on the NVD page. “Users are recommended to upgrade to version 1.15.1, which fixes the issue.”
The problem reportedly stems from the deserialization of untrusted data, which allows threat actors to gain control over target systems via specially crafted Parquet files.
The caveat here is that the victim needs to be tricked into importing the files, which the researchers suggest means the threat is not so imminent despite the 10/10 score.
Those who are unable to upgrade their Apache Parquet instances to version 1.15.1 immediately are advised to avoid untrusted Parquet files, or at least to analyze them carefully before processing them.
In addition, teams should monitor and log their Parquet processing systems more closely for the time being.
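To find systems still on an affected release, the check below flags every parquet-avro reference older than 1.15.1 in a dependency listing. It is an added example, not code from the researchers or the Apache Parquet project; the sample lines are constructed, and the input formats (Maven `dependency:tree` output and jar file names) are assumptions about how the inventory was collected.

```python
import re

# First release with the fix for CVE-2025-30065, per the NVD text quoted above.
FIXED = (1, 15, 1)

# Matches Maven coordinates (parquet-avro:jar:1.13.1) and jar file names
# (parquet-avro-1.13.1.jar). Pre-release qualifiers are ignored.
PATTERN = re.compile(r"parquet-avro(?::jar:|-)(\d+(?:\.\d+)*)")

# Constructed sample: Maven dependency:tree lines plus jar paths from a file listing.
SAMPLE = [
    "[INFO] +- org.apache.parquet:parquet-avro:jar:1.13.1:compile",
    "[INFO] +- org.apache.parquet:parquet-avro:jar:1.15.1:compile",
    "[INFO] +- org.apache.parquet:parquet-column:jar:1.13.1:compile",
    "/opt/app/lib/parquet-avro-1.9.0.jar",
    "/opt/app/lib/parquet-avro-1.15.0.jar",
    "/opt/app/lib/parquet-avro-1.16.0.jar",
]


def parse_version(text):
    """Turn '1.9' or '1.15.0' into a tuple of ints so 1.9.0 sorts below 1.15.1."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def find_vulnerable(lines):
    """Return (line_number, version) for each parquet-avro reference below FIXED."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for match in PATTERN.finditer(line):
            if parse_version(match.group(1)) < FIXED:
                hits.append((number, match.group(1)))
    return hits


if __name__ == "__main__":
    for number, version in find_vulnerable(SAMPLE):
        print(f"line {number}: parquet-avro {version} is affected, upgrade to 1.15.1")
```

Shaded or repackaged jars that bundle parquet-avro under another file name will not match this pattern and need a separate check.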
At press time, there was no evidence of abuse in the wild, although hackers usually start scanning for vulnerable endpoints once a patch is released, betting that many organizations will not apply it on time.
Via BleepingComputer