VDB
CGA-cg56-pxjh-wp3m
CGA-cg56-pxjh-wp3m
REJECTED
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chainguard | druid-compat | 0, 0, 0 |
| Wolfi | druid | 0, 0, 0 |
| Wolfi | druid-compat | 0, 0, 0 |
| Chainguard | druid | 0, 0, 0 |
Exploit Intelligence
- PoC: CVE-2025-30065 incomplete fix bypass in Apache Parquet Java 1.15.1 (github-poc-repo)
- PoC: CVE-2025-30065 incomplete fix bypass in Apache Parquet Java 1.15.1 (github-poc)
- F5-Labs/parquet-canary-exploit-rce-poc-CVE-2025-30065 (github-poc)
- A CVSS 10.0-rated vulnerability in the parquet-avro Java module allows remote code execution via unsafe deserialization when parsing schemas. Tracked as CVE-2025-30065, this flaw affects Apache Parquet ≤ 1.15.0. All users must upgrade to version 1.15.1 immediately to mitigate exploitation risks. (github-poc)
- mouadk/parquet-rce-poc-CVE-2025-30065 (github-poc)
- CVE-2025-30065 PoC (github-poc)
- PoC (github-poc)
- This PoC targets CVE-2025-30065, an RCE vulnerability in Apache Parquet via Avro schema deserialization. It abuses the getDefaultValue() mechanism to instantiate arbitrary record types during parsing, enabling code execution when untrusted data is processed without proper controls. (github-poc)
- GenerateMaliciousParquetSSRF.java (github-poc)
- GenerateMaliciousParquet.java (github-poc)
…and 8 more exploits
Timeline
- Jan 28, 2026 CVE Rejected