A proof-of-concept exploit tool has been publicly released for the maximum-severity Apache Parquet vulnerability tracked as CVE-2025-30065, making it easier to find vulnerable servers.
The tool was released by F5 Labs researchers, who examined the vulnerability after discovering that many existing PoCs were either weak or completely non-functional.
It serves as proof of practical exploitation of CVE-2025-30065 and can also help administrators evaluate their environments and secure vulnerable servers.
Apache Parquet is an open-source columnar storage format designed for efficient data processing, widely used by big data platforms and by data engineering and analytics organizations.
The flaw was disclosed on April 1, 2025, following its earlier discovery by Amazon researcher Keyi Li. It was classified as a remote code execution vulnerability affecting all versions of Apache Parquet up to and including 1.15.0.
From a technical standpoint, CVE-2025-30065 is a deserialization flaw in Apache Parquet's Java parquet-avro module: the library fails to restrict which Java classes can be instantiated when Avro data embedded in Parquet files is parsed.
On April 2, 2025, Endor Labs published a write-up warning about the risk of exploitation and its potential impact on systems that import Parquet files from external sources.
Later analysis by F5 Labs indicates that the flaw is not a full deserialization RCE, but it can still be abused if instantiating a class has side effects, such as a vulnerable system making a network request to an attacker-controlled server.
Even so, the researchers concluded that practical exploitation is difficult and that CVE-2025-30065 is of limited value to attackers.
“While Parquet and Avro are widely used, this issue requires a specific set of circumstances that are not at all likely,” F5 Labs' report reads,
“Nevertheless, this CVE only allows attackers to trigger the instantiation of a Java object, which must then have a side effect that is useful to the attacker.”
Despite the low likelihood of exploitation, the researchers acknowledge that some organizations process Parquet files from external, often untrusted sources, so the risk is significant in some environments.
For this reason, F5 Labs created a “canary exploit” tool (available on GitHub) that triggers an HTTP GET request through the instantiation of javax.swing.JEditorKit, allowing users to verify their exposure.
Beyond using the tool, it is recommended to upgrade Apache Parquet to version 1.15.1 or later and to configure ‘org.apache.parquet.avro.SERIALIZABLE_PACKAGES’ to restrict which packages are allowed for deserialization.
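The mechanism described above (parquet-avro resolving class names found in the embedded Avro schema) and the package allowlist recommended as mitigation can both be illustrated with a small defensive check. The following is an added example, not code from the article, from F5 Labs, or from the Apache Parquet project. It assumes that parquet-avro stores the Avro schema in the Parquet footer under the key `parquet.avro.schema` and that the class hints live in Avro's standard `java-class`, `java-key-class` and `java-element-class` schema properties (neither fact is stated on the page); the allowlist `TRUSTED_PACKAGES` is a constructed example in the spirit of the `SERIALIZABLE_PACKAGES` setting, not the library's default, and the sample schema is constructed for the demonstration. The check walks the schema, collects every class hint, and reports those outside the allowlist, which is the kind of triage a team can run over files arriving from external sources before they reach a vulnerable reader.

```python
"""Scan an Avro schema embedded by parquet-avro for Java class hints and
report the ones that fall outside a package allowlist (added example)."""
import json
from typing import Iterator, List, Optional, Tuple

# Avro schema properties that parquet-avro turns into Java classes when a
# column is converted back into an object.  The article does not name them;
# these are Avro's standard reflect/specific properties (assumption stated
# in the lead-in).
CLASS_PROPS = ("java-class", "java-key-class", "java-element-class")

# Constructed allowlist for this example, modelled on the idea of
# SERIALIZABLE_PACKAGES.  It is NOT the library's default list.
TRUSTED_PACKAGES = ["java.lang", "java.util", "java.math", "java.net"]

Hint = Tuple[str, str, str]  # (json path, property name, class name)


def iter_class_hints(schema, path: str = "$") -> Iterator[Hint]:
    """Yield every class hint in an Avro schema, recursing through records,
    unions, arrays, maps and inline type definitions."""
    if isinstance(schema, list):                      # union
        for i, branch in enumerate(schema):
            yield from iter_class_hints(branch, f"{path}[{i}]")
        return
    if not isinstance(schema, dict):                  # primitive / named reference
        return
    for prop in CLASS_PROPS:
        if prop in schema:
            yield path, prop, schema[prop]
    t = schema.get("type")
    if t == "record":
        for field in schema.get("fields", []):
            yield from iter_class_hints(field.get("type"), f"{path}.{field['name']}")
    elif t == "array":
        yield from iter_class_hints(schema.get("items"), f"{path}[]")
    elif t == "map":
        yield from iter_class_hints(schema.get("values"), f"{path}{{}}")
    elif isinstance(t, (dict, list)):                 # inline type definition
        yield from iter_class_hints(t, path)


def is_trusted(class_name: str, trusted=TRUSTED_PACKAGES) -> bool:
    """A class is trusted only if it sits in one of the allowlisted packages.
    The trailing dot prevents 'java.mathx.Foo' matching 'java.math'."""
    return any(class_name.startswith(pkg + ".") for pkg in trusted)


def untrusted_class_hints(schema_json: str, trusted=TRUSTED_PACKAGES) -> List[Hint]:
    """Return the class hints in a schema that the allowlist would reject."""
    schema = json.loads(schema_json)
    return [h for h in iter_class_hints(schema) if not is_trusted(h[2], trusted)]


def avro_schema_from_parquet(path: str) -> Optional[str]:
    """Pull the embedded Avro schema out of a Parquet footer with pyarrow
    (optional dependency).  Key name is an assumption, see lead-in."""
    import pyarrow.parquet as pq  # imported lazily so the rest runs without it
    kv = pq.read_metadata(path).metadata or {}
    raw = kv.get(b"parquet.avro.schema")
    return raw.decode("utf-8") if raw else None


# Constructed sample schema: two benign hints, one pointing at the class the
# article's canary tool instantiates, and one in an unknown package.
SAMPLE_SCHEMA = json.dumps({
    "type": "record", "name": "Event", "fields": [
        {"name": "amount",
         "type": {"type": "string", "java-class": "java.math.BigDecimal"}},
        {"name": "payload",
         "type": ["null", {"type": "string", "java-class": "javax.swing.JEditorKit"}]},
        {"name": "tags",
         "type": {"type": "array", "items": "string", "java-element-class": "java.net.URI"}},
        {"name": "props",
         "type": {"type": "map", "values": "string", "java-key-class": "com.example.Untrusted"}},
    ],
})


if __name__ == "__main__":
    for json_path, prop, cls in untrusted_class_hints(SAMPLE_SCHEMA):
        print(f"untrusted class hint at {json_path}: {prop}={cls}")
```

Running the block lists `javax.swing.JEditorKit` (under `$.payload[1]`) and `com.example.Untrusted` (under `$.props`) while passing the `java.math` and `java.net` hints; pointing `avro_schema_from_parquet()` at a real file feeds its footer schema into the same check. The prefix test includes the trailing dot deliberately, since a bare `startswith("java.math")` would also accept a class in an unrelated package whose name merely begins with those characters.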