
A maximum-severity security vulnerability has been disclosed in the Apache Parquet Java library that, if successfully exploited, could allow remote attackers to execute arbitrary code on susceptible instances.
Apache Parquet is a free, open-source columnar data file format designed for efficient data processing and retrieval, with support for complex data, high-performance compression and encoding schemes. It was first released in 2013.
The vulnerability in question is tracked as CVE-2025-30065 and carries a CVSS score of 10.0.

“Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and earlier versions allows bad actors to execute arbitrary code,” the project maintainers said in an advisory.
According to Endor Labs, successful exploitation of the flaw requires tricking a vulnerable system into reading a specially crafted Parquet file, which then yields code execution.
“This vulnerability can impact data pipelines and analytics systems that import Parquet files, particularly if those files come from external or untrusted sources,” the company said. “Attackers could tamper with the files, which could trigger the vulnerability.”
The flaw affects all versions of the software up to and including 1.15.0 and has been addressed in version 1.15.1. Keyi Li of Amazon has been credited with discovering and reporting the defect.
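The practical first step for anyone running pipelines that ingest Parquet is to find out whether parquet-avro 1.15.1 or later is actually on the classpath. The script below is an added example written for this page, not code from the article, Endor Labs or the Apache Parquet project. It audits constructed Maven and Gradle build snippets for the `org.apache.parquet:parquet-avro` coordinate and flags anything below the patched 1.15.1 boundary stated above. The sample build files are made up for the example; the function and constant names are the author's own.

```python
"""Audit build files for vulnerable org.apache.parquet:parquet-avro versions.

Added example for this article (not code from the Apache Parquet project).
Assumption taken from the advisory: every parquet-avro release below 1.15.1
is affected by CVE-2025-30065; other Parquet artifacts are not flagged.
"""
import re
from xml.etree import ElementTree as ET

FIXED_VERSION = (1, 15, 1)                      # first patched release
AFFECTED = ("org.apache.parquet", "parquet-avro")
# Quoted "group:artifact:version" strings as used by Groovy and Kotlin DSLs.
GRADLE_COORD = re.compile(r"""['"]([\w.\-]+):([\w.\-]+):([\w.\-]+)['"]""")


def parse_version(version):
    """Map '1.15.0' or '1.16.0-SNAPSHOT' to a 3-tuple of ints for comparison.
    Qualifiers after '-' are dropped; short versions are zero-padded. A version
    that is empty or still an unresolved ${property} becomes (0, 0, 0), so it
    compares as vulnerable and is surfaced for manual review (fail closed)."""
    core = version.split("-", 1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    return tuple((parts + [0, 0, 0])[:3])


def is_vulnerable(group, artifact, version):
    """True when the coordinate is parquet-avro below the patched 1.15.1."""
    return (group, artifact) == AFFECTED and parse_version(version) < FIXED_VERSION


def _local(tag):
    # Maven POMs carry an XML namespace; compare on the local tag name only.
    return tag.rsplit("}", 1)[-1]


def coordinates_from_pom(pom_xml):
    """Yield (group, artifact, version) for every <dependency> in a pom.xml
    string, resolving ${property} references against <properties>."""
    root = ET.fromstring(pom_xml)
    props = {}
    for node in root.iter():
        if _local(node.tag) == "properties":
            props = {_local(p.tag): (p.text or "").strip() for p in node}
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        version = fields.get("version", "")
        ref = re.fullmatch(r"\$\{([^}]+)\}", version)
        if ref:
            version = props.get(ref.group(1), version)
        yield fields.get("groupId", ""), fields.get("artifactId", ""), version


def coordinates_from_gradle(build_text):
    """Yield (group, artifact, version) from quoted 'g:a:v' strings."""
    for m in GRADLE_COORD.finditer(build_text):
        yield m.group(1), m.group(2), m.group(3)


def audit(build_text):
    """Return sorted 'group:artifact:version' strings that need patching.
    Input is treated as a POM when it looks like XML, otherwise as Gradle."""
    text = build_text.lstrip()
    coords = coordinates_from_pom(text) if text.startswith("<") \
        else coordinates_from_gradle(text)
    return sorted(f"{g}:{a}:{v}" for g, a, v in coords if is_vulnerable(g, a, v))


# Constructed sample build files for the example (not from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <parquet.version>1.15.0</parquet.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.parquet</groupId>
      <artifactId>parquet-avro</artifactId>
      <version>${parquet.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.parquet</groupId>
      <artifactId>parquet-hadoop</artifactId>
      <version>${parquet.version}</version>
    </dependency>
  </dependencies>
</project>
"""

SAMPLE_GRADLE = """dependencies {
    implementation("org.apache.parquet:parquet-avro:1.15.1")
    testImplementation 'org.apache.parquet:parquet-avro:1.14.4'
    implementation 'org.apache.avro:avro:1.12.0'
}
"""

if __name__ == "__main__":
    for name, text in (("pom.xml", SAMPLE_POM), ("build.gradle", SAMPLE_GRADLE)):
        print(f"{name}: {audit(text) or 'no vulnerable parquet-avro found'}")
```

The check is deliberately narrow: it looks only at the declared coordinate, so a transitive pull of parquet-avro through another library (a Spark or Hadoop distribution, for instance) will not show up here and still needs a full dependency-tree resolution from the build tool. Versions it cannot resolve are reported rather than silently skipped.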

While there is no evidence that the flaw is being exploited in the wild, vulnerabilities in Apache projects have repeatedly been exploited opportunistically and have served as a lightning rod for threat actors seeking to deploy malware.
Last month, a critical security flaw in Apache Tomcat (CVE-2025-24813, CVSS score: 9.8) came under active exploitation within 30 hours of public disclosure.
Cloud security company Aqua said in an analysis published this week that it discovered a new attack campaign targeting Apache Tomcat servers.

The payload can also establish persistence and act as a Java-based web shell that allows attackers to run arbitrary Java code on the server.
“In addition, the script is designed to check if the user has root privileges, and if so, it runs two functions that optimize CPU consumption to achieve better encryption results.”
The campaign, which affects both Windows and Linux systems, may be the work of Chinese-speaking threat actors, as the source code contains comments written in Chinese.