While the technical details of a potential exploit are yet to come, a specific module within the library, Parquet-avro, was found to deserialize untrusted data, enabling remote code execution through crafted Parquet files.
Any application or service that uses the Java library, including popular big-data frameworks such as Hadoop, Spark, and Flink, is susceptible to attack. The resulting remote code execution (RCE) on victim systems can allow attackers to take control of those systems, tamper with or steal data, install malware, and/or disrupt services, Endor Labs added.
No known exploits yet
Neither Endor Labs nor NIST's NVD entry had reported any exploitation attempts using CVE-2025-30065 as of the publication of this article. Apache silently pushed a fix with the release of 1.15.1 on March 16, 2025, with a GitHub link pointing to the changes made in the update.
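Since the fix shipped in 1.15.1, the practical first step for defenders is an inventory check: find every parquet-avro build on the classpath and flag any older than that release. The script below is an added example written for this article, not code from Endor Labs or the Apache Parquet project. It assumes that every parquet-avro build older than 1.15.1 is affected (the article names only the fixed release, not the lower bound), and it recognises the module by its standard Maven coordinate `org.apache.parquet:parquet-avro` and by the conventional `parquet-avro-<version>.jar` filename; the sample `mvn dependency:tree` output is constructed.

```python
import os
import re
from typing import List, Optional, Tuple

# The article states Apache fixed CVE-2025-30065 in Parquet 1.15.1. Treating every
# parquet-avro build older than that release as affected is an assumption of this
# checker, not a statement from the article. The fourth element marks pre-release
# builds (0) versus final releases (1) so that 1.15.1-SNAPSHOT sorts before 1.15.1.
FIXED_VERSION: Tuple[int, int, int, int] = (1, 15, 1, 1)

_VER = r"(\d+)\.(\d+)\.(\d+)([.-][0-9A-Za-z.-]+)?"
# Conventional jar filename, e.g. parquet-avro-1.15.0.jar
JAR_RE = re.compile(r"^parquet-avro-" + _VER + r"\.jar$")
# Maven coordinate as printed by `mvn dependency:tree`
TREE_RE = re.compile(r"org\.apache\.parquet:parquet-avro:jar:" + _VER)


def _to_tuple(major: str, minor: str, patch: str, qualifier: Optional[str]) -> Tuple[int, int, int, int]:
    """Normalise a version match into a comparable tuple."""
    return (int(major), int(minor), int(patch), 0 if qualifier else 1)


def parse_jar_name(filename: str) -> Optional[Tuple[int, int, int, int]]:
    """Return the version tuple for a parquet-avro jar, or None for any other file."""
    m = JAR_RE.match(os.path.basename(filename))
    return _to_tuple(*m.groups()) if m else None


def is_affected(version: Tuple[int, int, int, int]) -> bool:
    """True when the build predates the 1.15.1 fix release."""
    return version < FIXED_VERSION


def scan_dependency_tree(text: str) -> List[Tuple[str, bool]]:
    """Flag parquet-avro entries in `mvn dependency:tree` output."""
    findings = []
    for line in text.splitlines():
        m = TREE_RE.search(line)
        if m:
            findings.append((m.group(0), is_affected(_to_tuple(*m.groups()))))
    return findings


def scan_directory(root: str) -> List[Tuple[str, bool]]:
    """Walk a lib directory (e.g. a Spark or Hadoop jars folder) and flag old builds."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in sorted(files):
            version = parse_jar_name(f)
            if version is not None:
                findings.append((os.path.join(dirpath, f), is_affected(version)))
    return findings


# Constructed sample of `mvn dependency:tree` output; not taken from the article.
SAMPLE_TREE = r"""
[INFO] com.example:etl-job:jar:1.0
[INFO] +- org.apache.parquet:parquet-avro:jar:1.15.0:compile
[INFO] |  \- org.apache.parquet:parquet-hadoop:jar:1.15.0:compile
[INFO] \- org.apache.avro:avro:jar:1.11.3:compile
"""

if __name__ == "__main__":
    for entry, affected in scan_dependency_tree(SAMPLE_TREE):
        print(("AFFECTED  " if affected else "ok        ") + entry)
```

Run it against real `mvn dependency:tree` output piped into `scan_dependency_tree`, or point `scan_directory` at a framework's jars folder; a transitive parquet-avro pulled in by Spark or Flink shows up the same way as a direct dependency, which is the case most inventories miss.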