CSOonline3 天
Big hole in big data: Critical deserialization bug in Apache Parquet allows RCE
A flaw in code for handling Parquet, Apache’s open-source columnar data file format, allows attackers to run arbitrary code on vulnerable instances. The vulnerability, tracked as CVE-2025-30065 ...
Bleeping Computer4 天
Max severity RCE flaw discovered in widely used Apache Parquet
That being said, if upgrading to Apache Parquet 1.15.1 immediately is impossible, it is suggested to avoid untrusted Parquet files or carefully validate their safety before processing them.