A critical security vulnerability has been discovered in Apache Parquet’s Java library (specifically in the parquet-avro module). This flaw (identified as CVE-2025-30065) is classified as Deserialization of Untrusted Data (CWE-502) and carries the highest severity rating (CVSS 10.0, “Critical”). This vulnerability can impact data pipelines and analytics systems that import Parquet files, particularly when those files come from external or untrusted sources. If attackers can tamper with the files, the vulnerability may be triggered.
https://www.endorlabs.com/learn/critica ... d-analysis