Skip to main content

CVE-2025-30065 Apache Parquet library vulnerability


Christian Hauggaard
Community Manager
Forum|alt.badge.img+5
Dear Customers,
We would like to update you regarding the potential impact of CVE-2025-30065, a recently disclosed vulnerability affecting certain versions of the Apache Parquet library.
Our product uses Parquet.Net for reading and writing Parquet files. This library is implemented in .NET and is not affected by CVE-2025-30065, which specifically targets the parquet-avro module in the Apache Parquet Java ecosystem. Therefore, there is no exposure to this vulnerability within the core functionality of our application.
Microsoft Fabric and Azure Data Factory
We initially flagged potential risk in those environments based on observations that Microsoft Fabric and Azure Data Factory (ADF) make use of Apache Parquet version 1.13.1, which is one of the versions known to be vulnerable to CVE-2025-30065. However, we have since received official clarification from Microsoft confirming:
  • They do not ship the parquet-avro module.
  • The CVE does not apply to their runtime.
This significantly reduces the risk profile, as the vulnerable module is not present in their managed infrastructure.
Did this topic help you find an answer to your question?
This topic has been closed for replies.

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings