ГлавнаяУязвимости → CVE-2025-30065
9.8критическая

CVE-2025-30065

→ есть в БДУ: BDU:2025-03991 (на русском)
Описание (на английском; русское — в БДУ выше)

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue.

Затрагиваемое ПО
Apache Parquet java
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5http://www.openwall.com/lists/oss-security/2025/04/01/1https://access.redhat.com/security/cve/CVE-2025-30065https://github.com/apache/parquet-java/pull/3169https://news.ycombinator.com/item?id=43603091https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/https://github.com/h3st4k3r/CVE-2025-30065/blob/main/POC-CVE-2025-30065-ParquetExploitGenerator.javahttps://github.com/mouadk/parquet-rce-poc-CVE-2025-30065/blob/main/src/main/java/com/evil/GenerateMaliciousParquetSSRF.java