A flaw in code for handling Parquet, Apache’s open-source columnar data file format, allows attackers to run arbitrary code on vulnerable instances.
The vulnerability, tracked as CVE-2025-30065, is a deserialization issue (CWE-502) in Parquet’s Java library that allows execution of maliciously crafted Parquet files.
Critical deserialization bug in Apache Parquet allows RCE | InfoWorldRead More
