Stratos Ally

Security Flaw in Apache Parquet Could Enable Remote Attacks, Affecting Data Pipelines and Analytics  


A very serious security flaw was found in the Java library of Apache Parquet. If successfully exploited, it could allow any remote attacker to execute arbitrary code on susceptible instances.   

Apache Parquet is a free tool used to store and process large amounts of data efficiently. It provides support for complex data, high-performance compression, and encoding schemes. It was first launched in 2013.

The vulnerability is tagged CVE-2025-30065 and has a CVSS score of 10.0, meaning a critical level of security risk.   

The project maintainers said in an advisory that a serious flaw was found in schema parsing in the parquet-avro module of Apache Parquet version 1.15.0 and earlier. This issue can let hackers run harmful code if the system reads a specially created Parquet file.

According to Endor Labs, the successful execution of the attack requires the victim machine to open and execute one of these files. It could be dangerous for data pipelines and analytics tools that use Parquet files, especially if the files come from unknown or untrusted sources.   

All versions up to 1.15.0 are affected. The problem has been fixed in version 1.15.1. Keyi Li from Amazon discovered and reported the issue.   
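To check a build against the affected range above, the following added example (not from the article or the Apache Parquet project) scans `mvn dependency:tree` output for `parquet-avro` below 1.15.1. It assumes Maven's standard coordinate layout; the sample tree is constructed for illustration.

```python
import re

FIXED = (1, 15, 1)  # first fixed release, per the article
ARTIFACT = "org.apache.parquet:parquet-avro"

# A dependency coordinate at the end of a `mvn dependency:tree` line:
# groupId:artifactId:type[:classifier]:version:scope
COORD = re.compile(r"([\w.\-]+:[\w.\-]+(?::[\w.\-]+){3,4})\s*$")

def numeric_version(version):
    """Leading dotted-numeric part of a version: '1.13.1-foo' -> (1, 13, 1)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return None
    parts = [int(p) for p in m.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def find_affected(tree_output):
    """Return (version, line) for every parquet-avro dependency below FIXED."""
    hits = []
    for line in tree_output.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        parts = m.group(1).split(":")
        if ":".join(parts[:2]) != ARTIFACT:
            continue
        version = parts[-2]  # version sits just before the scope
        parsed = numeric_version(version)
        # Unparseable versions are flagged for manual review.
        if parsed is None or parsed < FIXED:
            hits.append((version, line.strip()))
    return hits

# Constructed sample: lines from two hypothetical modules, not real project output.
SAMPLE_TREE = r"""
[INFO] com.example:ingest:jar:1.0.0
[INFO] +- org.apache.parquet:parquet-avro:jar:1.13.1:compile
[INFO] |  \- org.apache.parquet:parquet-column:jar:1.13.1:compile
[INFO] com.example:report:jar:1.0.0
[INFO] \- org.apache.parquet:parquet-avro:jar:1.15.1:compile
"""

if __name__ == "__main__":
    for version, line in find_affected(SAMPLE_TREE):
        print(f"affected parquet-avro {version}: {line}")
```

Transitive copies pulled in by other frameworks appear in the same tree output, so run it per module rather than only on the top-level POM.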

There is no evidence of this flaw being exploited in the wild. However, vulnerabilities in Apache projects have become a lightning rod for threat actors looking to break into systems and install malware.

Last month, a major security flaw in Apache Tomcat (CVE-2025-24183) was being actively exploited by hackers just 30 hours after it was made public.   

Cloud security firm Aqua discovered that a new attack campaign is targeting Apache Tomcat servers with easy-to-guess credentials. Once they get in, they install hidden programs that steal SSH login details and take over the system to secretly mine cryptocurrency.   

According to Assaf Morag from Aqua Security, the payload used in these attacks can stay hidden on the system and also work as a Java-based web shell, meaning the hacker can run any Java code on the server remotely.

He also explained that the script checks if the user has admin (root) access. If so, it runs special functions that make the computer run faster for cryptomining.

This attack works on both Windows and Linux computers, and experts think it’s likely being carried out by a Chinese-speaking hacker group because the code includes commands written in Chinese.   
