A critical remote code execution (RCE) vulnerability in Apache Parquet’s Java library (CVE-2025-30065), rated with a maximum CVSS score of 10.0, has sent shockwaves through the big data and cloud computing industries.
The flaw, rooted in insecure deserialization within the parquet-avro module, enables attackers to execute arbitrary code by exploiting maliciously crafted Parquet files.
https://cyberpress.org/poc-apache-parqu ... erability/