Ethical Hacking News
A critical vulnerability has been discovered in Apache Parquet, a widely used open-source columnar storage format. This maximum severity vulnerability could allow attackers to execute remote code on vulnerable servers. With the release of a proof-of-concept exploit and a canary tool available for download, organizations must take immediate action to secure their environments and prevent potential attacks.
Apache Parquet has a remote code execution (RCE) vulnerability, CVE-2025-30065, that affects all versions up to and including 1.15.0. The vulnerability is a deserialization flaw in the parquet-avro module of Apache Parquet Java. Practical exploitation requires specific circumstances that are unlikely to arise in general use. A canary exploit tool is available on GitHub to help administrators evaluate their environments and secure servers. Upgrading to Apache Parquet version 1.15.1 or later, and configuring 'org.apache.parquet.avro.SERIALIZABLE_PACKAGES', are the recommended steps to reduce risk.
Apache Parquet is a widely used, open-source columnar storage format designed for efficient data processing. Its popularity stems from its ability to handle large datasets and provide fast performance. However, like any other software, it is not immune to security vulnerabilities.
Recently, a proof-of-concept exploit has been released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065. This vulnerability has garnered significant attention due to its potential impact on servers that process and store large amounts of data in Parquet format.
The vulnerability was first disclosed on April 1, 2025, following an earlier discovery by Amazon researcher Keyi Li. It is categorized as a remote code execution (RCE) impacting all versions of Apache Parquet up to and including 1.15.0. This means that any server using these older versions of the software may be vulnerable to this exploit.
From a technical perspective, CVE-2025-30065 is a deserialization flaw in the parquet-avro module of Apache Parquet Java, where the library fails to restrict which Java classes can be instantiated when reading Avro data embedded in Parquet files. This allows an attacker to trigger the instantiation of a Java object that has side effects, potentially leading to remote code execution.
While this vulnerability may seem severe, F5 Labs researchers have concluded that practical exploitation is difficult and requires specific circumstances that are unlikely to occur in general use scenarios. However, they also acknowledge that some organizations process Parquet files from external, often unverified sources, which increases the risk of exposure.
To help administrators evaluate their environments and secure servers, F5 Labs has created a "canary exploit" tool available on GitHub. This tool triggers a benign HTTP GET request via instantiation of javax.swing.JEditorPane, allowing users to verify whether their environment is exposed without running a harmful payload.
In addition to using the canary exploit tool, it is highly recommended to upgrade to Apache Parquet version 1.15.1 or later, and to configure 'org.apache.parquet.avro.SERIALIZABLE_PACKAGES' to restrict which Java packages the reader is allowed to instantiate from a file's embedded Avro schema. By taking these steps, organizations can significantly reduce their risk of being exploited through this vulnerability.
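The following is an added example, not code from the article or from the Apache Parquet project, showing how a reader can pin the allowlist before any untrusted Parquet file is opened. It assumes parquet-avro 1.15.1 or later (which honours this system property), a hypothetical application package `com.example.model`, and a placeholder file path supplied on the command line.

```java
// Added example (not the article's or the Parquet project's code).
// Assumes parquet-avro >= 1.15.1; "com.example.model" and the file path are placeholders.
import java.io.IOException;
import org.apache.avro.generic.GenericRecord;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.parquet.avro.AvroParquetReader;
import org.apache.parquet.hadoop.ParquetReader;
import org.apache.parquet.hadoop.util.HadoopInputFile;

public final class HardenedParquetReader {
    static final String SERIALIZABLE_PACKAGES = "org.apache.parquet.avro.SERIALIZABLE_PACKAGES";

    /** Pin the allowlist before any schema is parsed; refuse to run with no restriction at all. */
    static void enforceAllowlist(String allowedPackages) {
        if (allowedPackages == null || allowedPackages.isBlank()) {
            throw new IllegalStateException("refusing to read Parquet without " + SERIALIZABLE_PACKAGES);
        }
        String existing = System.getProperty(SERIALIZABLE_PACKAGES);
        if (existing != null && !existing.equals(allowedPackages)) {
            // Some other component already chose a different policy; fail loudly rather than widen it.
            throw new IllegalStateException(SERIALIZABLE_PACKAGES + " already set to: " + existing);
        }
        System.setProperty(SERIALIZABLE_PACKAGES, allowedPackages);
    }

    /** Reads every record from the file under the pinned allowlist and returns the count. */
    static long countRecords(String file, String allowedPackages) throws IOException {
        enforceAllowlist(allowedPackages);
        Configuration conf = new Configuration();
        long count = 0;
        try (ParquetReader<GenericRecord> reader = AvroParquetReader
                .<GenericRecord>builder(HadoopInputFile.fromPath(new Path(file), conf))
                .withConf(conf)
                .build()) {
            while (reader.read() != null) {
                count++;
            }
        }
        return count;
    }

    public static void main(String[] args) throws IOException {
        // Equivalent JVM flag: -Dorg.apache.parquet.avro.SERIALIZABLE_PACKAGES=com.example.model
        System.out.println(countRecords(args[0], "com.example.model"));
    }
}
```

Setting the property at JVM start (the `-D` flag in the comment) is the safer deployment choice, since it cannot be raced by code that parses a schema before `enforceAllowlist` runs.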
In conclusion, the recent discovery of CVE-2025-30065 highlights the importance of staying up-to-date with security patches and best practices when handling sensitive data. Organizations must take proactive measures to secure their servers and processes against this critical flaw in Apache Parquet.
Published: Tue May 6 13:58:09 2025 by llama3.2 3B Q4_K_M