The Java Apache Parquet Library revealed the maximum security of security security, which, if successfully used, can allow a remote attacker to perform an arbitrary code in sensitive instances.
Apache Parquet is a free open source data file format designed to process data and search effectively, providing sophisticated data, high-performance compression and coding schemes. It was first launched in 2013.
The vulnerability in question is monitored as Cve-2025-30065. It carries CVS 10.0.
“The scheme scheme in the Parquet-AVRO module with Apache Parquet 1.15.0 and the previous versions allows the bad actors to perform the arbitrary code,” the project’s advisory service said.
According to the Endor Labs, successful exploitation of the deficiency requires the deception to read a specially designed parquet file to obtain the code.
“This vulnerability can affect data pipelines and analytical – Note. “If the attackers can cheat files, the vulnerability can be launched.”
The disadvantage affects all versions of the software up to 1.15.0. It was considered in version 1.15.1. Keyi Li with Amazon is attributed to detecting and a shortage report.
Although there is no evidence that the deficiency was used in wild, vulnerability in Apache projects became lightning rod for threatening subjects that seek conjunctionally disruption of the systems and deploy malicious software.
Last month Critical Lack of Security in Apache Tomcat (Cve-2025-24813CVSS assessment: 9.8) got under active operation Within 30 hours after public disclosure.
In an analysis published this week, Cloud Security Aqua said she had discovered a new attack on the attack, directed at the Apache Tomcat server with a simple to deploy encrypted useful loads designed for SSH powers for the side movement and ultimate Crypto-star.
Useful loads are also capable of installing persistence and acting as a Java-based web-based item that “allows the attacker to perform an arbitrary Java code on the server”, Assaf Morag, threatening exploration director, Aqua, – Note.
“In addition, the scenario is designed to check if the user has root privileges, and if so it performs two features that optimize CPU consumption to improve criminal mouse results.”
A company that affects both Windows and Linux Systems is probably evaluated by a Chinese-speaking threatening actor because of Chinese comments in the Source Code.
