PoC Tool Released for Max Severity Apache Parquet Vulnerability to Detect Affected Servers


May 7, 2025 - 20:59

A proof-of-concept (PoC) exploit tool has been publicly released for a maximum severity vulnerability in Apache Parquet, enabling security teams to easily identify affected servers. 

The vulnerability, tracked as CVE-2025-30065 with a CVSS score of 10.0, affects a widely-used data format in big data processing and analytics environments.

F5 Labs researchers released the tool on May 5, 2025, after finding that previously circulating PoCs were either non-functional or had limited utility. 

The “canary exploit” tool helps organizations determine if their systems are vulnerable to this critical remote code execution flaw.

“We decided to take a closer look at this issue, because PoCs in circulation either did not work or appeared to us to be of little offensive utility,” researchers said.

Tool to Detect Apache Parquet Code Execution Vulnerability

The vulnerability, first disclosed on April 1, 2025, exists in the parquet-avro module of Apache Parquet 1.15.0 and earlier versions. 

It allows bad actors to execute arbitrary code via schema parsing when processing specially crafted Parquet files. This flaw is particularly concerning for data pipelines and analytics systems that import Parquet files from external or untrusted sources.

F5 Labs’ tool generates a “canary” Parquet file that triggers object instantiation of the Java class javax.swing.JEditorKit with a String parameter, causing an HTTP GET request to a specified URL. 

When vulnerable systems process this file, they make a callback to the URL, confirming their vulnerability.

The tool is run with the following commands:

The tool is available on GitHub. Technical analysis by F5 Labs revealed that, while the vulnerability has a maximum severity rating, practical exploitation is somewhat challenging.

The flaw only allows attackers to trigger instantiation of Java objects from classes already in the target’s classpath with a single String argument constructor.

“While Parquet and Avro are used widely, this issue requires a specific set of circumstances that isn’t all that likely in general,” notes the F5 Labs report.

However, the researchers emphasize that Parquet’s ubiquitous presence in AI and ML pipelines makes it essential for organizations to check their implementations.

Organizations using Apache Parquet should take immediate action by:

  • Upgrading to Apache Parquet version 1.15.1 or later.
  • Configuring org.apache.parquet.avro.SERIALIZABLE_PACKAGES to restrict which packages are allowed for deserialization.
  • Avoiding the wildcard setting (*) for the above configuration.
  • Conducting dependency reviews to identify vulnerable versions.
  • Avoiding processing Parquet files from untrusted sources.
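As an added illustration (not the F5 Labs tool and not code from the article), the following Python script shows the defender-side check implied by the canary mechanism described above and by the SERIALIZABLE_PACKAGES advice: before a file is handed to a data pipeline, it pulls the Avro schema that parquet-avro stores in the Parquet footer and flags any class annotations that name classes outside a package allow-list, which is the same policy a restrictive SERIALIZABLE_PACKAGES setting enforces inside the library. Assumptions: the footer key names (`parquet.avro.schema`, legacy `avro.schema`) and the annotation names (`java-class`, `java-key-class`, `java-element-class`) are taken from Avro's reflect conventions rather than from the article; the sample bytes are constructed for the demonstration and are not a valid Parquet file.

```python
import json
import sys

# Avro schema annotations whose values name a Java class to instantiate
# (assumption: Avro reflect conventions honoured by parquet-avro).
CLASS_PROPS = ("java-class", "java-key-class", "java-element-class")

# Footer metadata keys under which parquet-avro stores the writer's Avro schema
# (assumption: current and legacy key names).
SCHEMA_KEYS = (b"parquet.avro.schema", b"avro.schema")

# A restrictive allow-list in the spirit of SERIALIZABLE_PACKAGES; a wildcard
# entry "*" would accept any class, which is the setting the article warns against.
ALLOWED_PACKAGES = ("java.lang", "java.math", "java.net", "java.util")


def _balanced_json_at(data: bytes, start: int):
    """Return the brace-balanced slice beginning at data[start] == '{', or None."""
    depth, in_str, esc = 0, False, False
    for pos in range(start, len(data)):
        b = data[pos]
        if in_str:
            if esc:
                esc = False
            elif b == 0x5C:          # backslash escapes the next byte
                esc = True
            elif b == 0x22:          # closing quote
                in_str = False
        elif b == 0x22:
            in_str = True
        elif b == 0x7B:              # '{'
            depth += 1
        elif b == 0x7D:              # '}'
            depth -= 1
            if depth == 0:
                return data[start:pos + 1]
    return None


def extract_avro_schema(data: bytes):
    """Locate the Avro schema JSON stored after the metadata key in the footer.
    The key is searched from the end (the footer is the last thing in the file);
    candidate '{' positions are tried in turn so a Thrift length byte that happens
    to equal '{' does not derail the scan. No full Thrift decode is needed for triage."""
    for key in SCHEMA_KEYS:
        idx = data.rfind(key)
        if idx < 0:
            continue
        start = data.find(b"{", idx + len(key))
        while start >= 0:
            chunk = _balanced_json_at(data, start)
            if chunk is not None:
                try:
                    return json.loads(chunk.decode("utf-8"))
                except (UnicodeDecodeError, ValueError):
                    pass
            start = data.find(b"{", start + 1)
        return None
    return None


def walk_schema(node, path="$"):
    """Yield (json_path, annotation, class_name) for every class annotation found."""
    if isinstance(node, dict):
        for prop in CLASS_PROPS:
            if isinstance(node.get(prop), str):
                yield path, prop, node[prop]
        for k, v in node.items():
            yield from walk_schema(v, f"{path}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk_schema(v, f"{path}[{i}]")


def is_allowed(class_name: str, allowed=ALLOWED_PACKAGES) -> bool:
    """True if the class sits inside an allowed package (or the allow-list is a wildcard)."""
    if "*" in allowed:
        return True
    return any(class_name.startswith(pkg + ".") for pkg in allowed)


def scan_parquet_bytes(data: bytes, allowed=ALLOWED_PACKAGES):
    """Return annotations naming classes outside the allow-list; empty list means clean."""
    schema = extract_avro_schema(data)
    if schema is None:
        return []
    return [f for f in walk_schema(schema) if not is_allowed(f[2], allowed)]


# Constructed sample footers (not valid Parquet files): one mirrors the canary
# described in the article, the other a benign stringable annotation.
_CANARY_SCHEMA = (b'{"type":"record","name":"canary","fields":[{"name":"probe",'
                  b'"type":{"type":"string","java-class":"javax.swing.JEditorKit"}}]}')
_BENIGN_SCHEMA = (b'{"type":"record","name":"ok","fields":[{"name":"amount",'
                  b'"type":{"type":"string","java-class":"java.math.BigDecimal"}}]}')
SAMPLE_CANARY = b"PAR1" + b"\x00" * 8 + b"parquet.avro.schema" + b"\x18\x7b" + _CANARY_SCHEMA + b"\x00\x00\x00\x10PAR1"
SAMPLE_BENIGN = b"PAR1" + b"\x00" * 8 + b"avro.schema" + b"\x18\x60" + _BENIGN_SCHEMA + b"\x00\x00\x00\x10PAR1"

if __name__ == "__main__":
    for name in sys.argv[1:]:
        with open(name, "rb") as fh:
            for path, prop, cls in scan_parquet_bytes(fh.read()):
                print(f"{name}: {prop}={cls} at {path} is outside the allow-list")
```

Run it as `python scan.py *.parquet` on files arriving from an external source; any line of output is a file that should not reach a pre-1.15.1 parquet-avro reader, and even with the upgrade applied it is a useful trigger for closer review. The brace-balancing scan is deliberately tolerant of the surrounding Thrift encoding so that it also works on truncated or partially downloaded files, which a strict parser would reject before reaching the schema.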

This vulnerability adds to a growing list of critical flaws in Apache projects that have attracted attention from threat actors. 

Just last month, a critical vulnerability in Apache Tomcat (CVE-2025-24813) came under active exploitation within 30 hours of its disclosure. Organizations managing data pipelines are urged to assess their exposure to this vulnerability promptly.


The post PoC Tool Released for Max Severity Apache Parquet Vulnerability to Detect Affected Servers appeared first on Cyber Security News.