CVE-2025-30065

Severity CVSS v4.0:
CRITICAL
Type:
CWE-502 Deserialization of Untrusted Dat
Publication date:
01/04/2025
Last modified:
28/07/2025

Description

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:parquet_java:*:*:*:*:*:*:*:* 1.15.1 (excluding)