CVE-2025-30065: Apache Parquet Schema Deserialization RCE
A maximum-severity remote code execution vulnerability in Apache Parquet's Java library allows attackers to execute arbitrary code on any system that reads a maliciously crafted Parquet file. CVSS 10.0. Affects virtually every big data pipeline using the Parquet format — Spark, Flink, Hive, and cloud data warehouses.
| Attribute | Value |
|---|---|
| CVE ID | CVE-2025-30065 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CWE | CWE-502: Deserialization of Untrusted Data |
| Published | April 1, 2025 |
| Exploitation | No active exploitation reported (public PoC exists) |
What Is CVE-2025-30065?
Apache Parquet is a columnar storage format widely used in big data ecosystems. The parquet-avro module in versions up to 1.15.0 contains a deserialization vulnerability in the schema parsing code. When a Java application reads a Parquet file containing a crafted Avro schema, the parser deserializes attacker-controlled class references, leading to arbitrary code execution in the context of the reading application.
This is particularly dangerous because data pipelines routinely ingest Parquet files from external sources: S3 buckets, data partners, user uploads, ETL integrations. Any pipeline that processes untrusted Parquet files is vulnerable.
⚠ Supply Chain Attack Vector
CVE-2025-30065 creates a compelling supply chain attack scenario: an attacker who can inject malicious Parquet files into a data pipeline (via compromised data vendor, S3 bucket misconfiguration, or man-in-the-middle attack) gains code execution in the data processing infrastructure — potentially AWS EMR, Databricks, Azure HDInsight, or on-premises Hadoop clusters running with privileged cloud credentials.
Affected Systems
| Component | Affected Versions | Fixed Version |
|---|---|---|
| parquet-avro (Java) | <= 1.15.0 | 1.15.1+ |
| Apache Spark (uses parquet-avro) | Any using affected library | Update library |
| Apache Flink | Any using affected library | Update library |
| Apache Hive | Any using affected library | Update library |
| Amazon EMR | Versions using parquet-avro <= 1.15.0 | Upgrade EMR or override JAR |
| Databricks Runtime | Versions using affected library | Databricks patch DBR versions |
Technical Details
The vulnerability is in the AvroSchemaConverter class within parquet-avro. When converting Parquet schema to Avro schema, the code processes schema metadata that can contain arbitrary class names. These class names are used in reflective instantiation without allowlist validation.
# Conceptual representation of vulnerable code path
public Schema convert(MessageType parquetSchema) {
// Schema metadata can contain attacker-controlled strings
String javaClass = parquetSchema.getField("java_class");
// Dangerous: instantiates arbitrary class from string
Class> clazz = Class.forName(javaClass); // RCE here
return clazz.newInstance();
}
# Crafted Parquet file with malicious schema (conceptual)
{
"schema": {
"type": "record",
"name": "exploit",
"fields": [],
"java_class": "com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl",
"avro.java.string": "[base64-encoded malicious bytecode]"
}
}
Gadget Chain Exploitation
The attacker creates a Parquet file where the Avro schema metadata references a Java gadget chain — a sequence of class instantiations that ultimately leads to arbitrary code execution. Commons Collections, Spring Framework, and other common Java libraries provide suitable gadget chains for this attack.
Who Is Exposed
Any Java application that:
- Uses
parquet-avroversion 1.15.0 or earlier - Reads Parquet files from external or potentially untrusted sources
- Has not implemented file source validation
High-risk environments include:
- Data lakes: S3/GCS/ADLS buckets ingesting partner data
- Analytics platforms: Self-service data upload features
- ETL pipelines: Any pipeline reading from external data sources
- Data marketplaces: Platforms distributing Parquet datasets
- ML training pipelines: Training data ingestion from external sources
Mitigation
- Upgrade parquet-java to 1.15.1+: The fix adds allowlist validation for class names in schema metadata
- Audit Parquet file sources: Inventory all locations where Parquet files enter your environment
- Implement file source validation: Only process Parquet files from cryptographically verified sources
- Run data pipelines with minimal privileges: Limit the blast radius by ensuring pipeline execution roles have least-privilege IAM policies
- Network egress restrictions: Data processing clusters should have restricted outbound internet access to limit post-exploitation impact
- Deploy Java deserialization protections: Tools like SerialKiller can provide defense-in-depth against deserialization attacks
KENSAI Detection Capability
- Dependency scanning: KENSAI's SCA scanner identifies
parquet-avroversions <= 1.15.0 in Java application dependencies and Maven/Gradle build files - Container image scanning: Detects vulnerable JAR files in Docker images and Kubernetes deployments
- Pipeline exposure assessment: Identifies data pipelines with external-facing Parquet ingestion endpoints
- Cloud asset inventory: Maps EMR clusters, Databricks workspaces, and other data processing infrastructure for version assessment
Is Your Data Pipeline Vulnerable to CVE-2025-30065?
KENSAI scans your Java applications, container images, and cloud data infrastructure for vulnerable Parquet versions. Protect your data pipelines before attackers exploit them.
Scan Your Data Infrastructure →