
Microsoft Defender for Cloud Blog

Guidance for handling CVE-2025-30065 using Microsoft Security capabilities

shaharbahat (Microsoft)
Apr 06, 2025

 

Short Description:  

A newly disclosed critical vulnerability (CVE-2025-30065) in Apache Parquet, a popular open-source file format used for big data processing, could allow remote code execution (RCE) if a system imports a specially crafted malicious Parquet file. This flaw, rated with the highest CVSS severity score of 10.0, affects the parquet-java library (formerly parquet-mr). 

 

Impact:  

While this vulnerability sounds alarming, the likelihood of real-world exploitation is considered low. Exploitation requires a rare scenario: an application or developer must process a malicious Parquet file from an untrusted external source—an uncommon pattern in most production environments. 

  

That said, the risk isn’t zero. A potential vector could be developers importing sample Parquet files from community forums like Stack Overflow or GitHub, inadvertently executing malicious code on local machines. 

 

If your systems or development environments rely on Apache Parquet and automatically ingest files from untrusted sources, this CVE could pose a serious risk.  

 

Mapping CVE-2025-30065 in Your Organization:

The first step in managing an incident is to map the affected software within your organization's assets. The Defender Vulnerability Management solution provides a comprehensive vulnerability assessment across all your devices.

 

Using Advanced Hunting 

To map the presence of CVE-2025-30065 in your environment, you can use the following KQL query. The query searches for software vulnerabilities related to the specified CVE and summarizes them by resource name, OS version and resource ID:

let cveId = "CVE-2025-30065";
ExposureGraphEdges
| where EdgeLabel == "affecting"
| where SourceNodeName == cveId
| distinct TargetNodeId, TargetNodeLabel, TargetNodeName

* This applies to customers who have the Defender DCSPM plan or are MTP eligible.

Using Cloud Security Explorer   

You can use the Cloud Security Explorer feature within Defender for Cloud to perform queries related to your posture across Azure, AWS, GCP, and code repositories. This allows you to investigate the specific CVE, identify affected machines, and understand the associated risks.  

We have created specific queries for this CVE that help you to easily get an initial assessment of the threat this vulnerability creates for your organization, with choices for customization:  

 

* To view the data in Cloud Security Explorer, you need at least one of the following plans: Defender DCSPM, Defender for Containers, or Defender for Servers.

Recommendations for Mitigation and Best Practices  

Mitigating risks associated with vulnerabilities requires a combination of proactive measures and real-time defenses. Here are some recommendations:  

  • Apply Patches and Updates: To remediate the risk, update the vulnerable parquet-java library to the fixed version 1.15.1.
  • Remediate vulnerabilities: Use the Defender for Cloud ‘remediate vulnerabilities’ recommendations to remediate affected VMs and containers across your multi-cloud environment.
  • The "Emerging Threat" risk factor: Use the Defender for Cloud "Emerging Threat" risk factor to highlight vulnerable resources, so that recommendations for patching these vulnerabilities are prioritized accordingly. This risk factor is updated regularly to align with the latest trends and active campaigns, which keeps it relevant as threats evolve. For the following few weeks it will highlight resources vulnerable to this CVE.

 

Coverage and detections:  

Currently, our solutions surface this CVE for containers and repositories. Endpoints and VMs do not yet display this detection. We are actively working to provide full coverage, and you will soon be able to see this detection there as well.
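
Until endpoint and VM coverage arrives, a local check can confirm whether a host still carries a parquet-java build older than the fixed 1.15.1. The script below is an added example, not part of the original post or of any Microsoft tooling: it looks inside every jar under a directory, including fat jars that bundle the library, and reports parquet-java modules below 1.15.1. It assumes the jars were built with Maven and kept their pom.properties metadata; the function names are illustrative.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (1, 15, 1)  # fixed parquet-java release named in the post
# Assumption: Maven metadata is kept inside the jar at
# META-INF/maven/org.apache.parquet/<artifact>/pom.properties
POM_RE = re.compile(r"^META-INF/maven/org\.apache\.parquet/(parquet-[^/]+)/pom\.properties$")

def parse_version(text):
    """Leading numeric part of a version, e.g. '1.15.0-SNAPSHOT' -> (1, 15, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def parquet_versions(jar_path):
    """Yield (artifact, version) for each parquet-java module bundled in one jar."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            for name in jar.namelist():
                m = POM_RE.match(name)
                if not m:
                    continue
                props = jar.read(name).decode("utf-8", "replace")
                for line in props.splitlines():
                    if line.startswith("version="):
                        yield m.group(1), line.split("=", 1)[1].strip()
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or corrupt archive: skip it

def scan(root):
    """Return sorted (jar, artifact, version) tuples for modules older than FIXED."""
    findings = []
    for jar_path in Path(root).rglob("*.jar"):
        for artifact, version in parquet_versions(jar_path):
            parsed = parse_version(version)
            # Unparseable versions are reported too, so they get a manual look
            if parsed is None or parsed < FIXED:
                findings.append((str(jar_path), artifact, version))
    return sorted(findings)

if __name__ == "__main__":
    hits = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for jar, artifact, version in hits:
        print(f"{jar}: {artifact} {version} is older than 1.15.1")
    sys.exit(1 if hits else 0)
```

Jars that were repackaged without their Maven metadata will not be found this way, so an empty result is not proof that the library is absent.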

Updated Apr 06, 2025
Version 1.0