Dear Customers,
We would like to update you regarding the potential impact of CVE-2025-30065, a recently disclosed vulnerability affecting certain versions of the Apache Parquet library.
Our product uses Parquet.Net for reading and writing Parquet files. This library is implemented in .NET and is not affected by CVE-2025-30065, which specifically affects the parquet-avro module in the Apache Parquet Java ecosystem. Therefore, there is no exposure to this vulnerability within the core functionality of our application.
Microsoft Fabric and Azure Data Factory
We initially flagged potential risk in those environments based on observations that Microsoft Fabric and Azure Data Factory (ADF) make use of Apache Parquet version 1.13.1, which is one of the versions known to be vulnerable to CVE-2025-30065. However, we have since received official clarification from Microsoft confirming:
- They do not ship the parquet-avro module.
- The CVE does not apply to their runtime.
This significantly reduces the risk profile, as the vulnerable module is not present in their managed infrastructure.