CVE-2025-30065 · CRITICAL 9.8 · EPSS p98.4%

Description

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 37.80% probability of exploitation · percentile 98.4% · 2026-06-19T12:03:05Z
Published: 2025-04-01
Last modified: 2025-07-28

Underlying weaknesses · 1

CWE-502

References

  1. https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5
  2. http://www.openwall.com/lists/oss-security/2025/04/01/1
  3. https://access.redhat.com/security/cve/CVE-2025-30065
  4. https://github.com/apache/parquet-java/pull/3169
  5. https://news.ycombinator.com/item?id=43603091
  6. https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/
  7. https://github.com/h3st4k3r/CVE-2025-30065/blob/main/POC-CVE-2025-30065-ParquetExploitGenerator.java
  8. https://github.com/mouadk/parquet-rce-poc-CVE-2025-30065/blob/main/src/main/java/com/evil/GenerateMaliciousParquetSSRF.java

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Deserialization of Untrusted Data (cwe-502) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-46762
  2. CVE-2026-24015
  3. CVE-2025-47436
  4. CVE-2025-46183
  5. CVE-2025-27531
  6. CVE-2026-46718

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.