Dear Customers,
We would like to update you regarding the potential impact of CVE-2025-30065, a recently disclosed vulnerability affecting certain versions of the Apache Parquet library.
Our product uses Parquet.Net for reading and writing Parquet files, and this library is not affected by the CVE in question. As such, there is no exposure to this vulnerability within the core functionality of our application.
However, we do offer integration with Microsoft Fabric and support Delta Lake table operations via Spark notebooks. In these environments, we rely on infrastructure managed by Microsoft, including their use of Apache Parquet. Through internal testing, we’ve verified that both Microsoft Fabric and Azure Data Factory (ADF) currently utilize Apache Parquet version 1.13.1, a version known to be vulnerable under CVE-2025-30065.
At this time, Microsoft has not issued an official security advisory or guidance regarding the vulnerability’s impact on their services (e.g., Fabric, ADF, or Synapse).

Risk Summary

  • Exploitability depends on whether an attacker can control the Parquet file metadata or payload processed within the Microsoft-managed Spark environments.
  • If an attacker can supply a malicious file to these services, there's potential for remote code execution.

Current Mitigation Steps

  • Internally, we do not use the vulnerable Parquet components in our own codebase.
  • We recommend applying strict access controls around Spark notebook execution and Parquet file ingestion, particularly in Fabric and ADF.
  • We have initiated communication with Microsoft requesting an update or patch to the vulnerable Parquet version.
  • As a precaution, we suggest monitoring all data ingestion pipelines for suspicious Parquet file activity until a patch is confirmed.
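
One way to triage Parquet files before they reach a Spark job, as an added example that is not part of our product or of Microsoft's services. It checks the file framing and holds files from untrusted producers whose footer carries an embedded Avro schema for review. Assumptions: per the public CVE description, the affected code path is schema parsing in the parquet-avro module, which reads the schema from the footer keys listed below; the producer name `internal-etl` and the sample files are constructed for illustration.

```python
import struct

MAGIC = b"PAR1"  # plaintext-footer Parquet files start and end with this
# Footer key-value metadata keys under which parquet-avro stores an Avro schema.
AVRO_SCHEMA_KEYS = (b"parquet.avro.schema", b"avro.schema")
TRUSTED_SOURCES = {"internal-etl"}  # hypothetical allowlist of producer names


def read_footer(data: bytes) -> bytes:
    """Return the raw footer (Thrift FileMetaData) bytes, or raise ValueError."""
    if len(data) < 12 or data[:4] != MAGIC or data[-4:] != MAGIC:
        # Also raised for encrypted-footer files, which cannot be inspected here.
        raise ValueError("not a plaintext-footer Parquet file")
    (footer_len,) = struct.unpack("<I", data[-8:-4])
    if footer_len == 0 or footer_len > len(data) - 12:
        raise ValueError("footer length out of range")
    return data[-8 - footer_len:-8]


def triage(data: bytes, source: str) -> str:
    """Classify a file before ingestion: 'accept', 'review' or 'reject'."""
    try:
        footer = read_footer(data)
    except ValueError:
        return "reject"
    # Thrift stores strings as raw bytes, so the key name appears literally.
    has_avro_schema = any(key in footer for key in AVRO_SCHEMA_KEYS)
    if has_avro_schema and source not in TRUSTED_SOURCES:
        return "review"
    return "accept"


def sample_file(footer: bytes) -> bytes:
    """Constructed framing only (not valid Thrift): magic, pages, footer, length, magic."""
    return MAGIC + b"\x00" * 16 + footer + struct.pack("<I", len(footer)) + MAGIC


if __name__ == "__main__":
    with_schema = sample_file(b"\x18\x13parquet.avro.schema\x18\x02{}")
    print(triage(with_schema, "external-upload"))            # untrusted producer
    print(triage(with_schema, "internal-etl"))               # allowlisted producer
    print(triage(sample_file(b"no-schema"), "external-upload"))
    print(triage(b"PAR1" + struct.pack("<I", 1000) + b"PAR1", "external-upload"))
```

The key match is a triage heuristic: an `accept` result does not show a file is safe, only that it has valid framing and either no embedded Avro schema or an allowlisted producer.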

Next Steps

We are continuing to monitor for updates from Microsoft and will inform you as soon as a patch or official mitigation guidance becomes available. If you operate Spark notebooks or ingest external Parquet data in these environments, please reach out to us for further assistance in securing your configuration.
