BleepingComputer reports that Amazon Web Services, Google, Microsoft Azure, Hadoop, and other big data platforms could be subjected to significant compromise through the exploitation of a maximum-severity remote code execution vulnerability impacting the widely used open-source columnar storage format Apache Parquet, tracked as CVE-2025-30065.
Attacks leveraging the flaw which was discovered by Amazon researcher Keyi Li to stem from untrusted data serialization could result in system takeovers, data theft or tampering, ransomware compromise, and service disruptions, according to an analysis from Endor Labs. "Despite the frightening potential, it's important to note that the vulnerability can only be exploited if a malicious Parquet file is imported," said Endor Labs, which urged organizations to immediately verify their Parquet software version as those earlier than 1.8.0 could also be affected by the issue. Meanwhile, organizations that cannot promptly apply the Praquet 1.15.1 update were advised to restrict or thoroughly vet untrusted Parquet files, as well as bolster logging and tracking of systems with Parquet.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Threat actors have exploited 159 CVEs during the first three months of 2025, compared with 151 during the last quarter of 2024, with almost a third of vulnerabilities leveraged in attacks within a day of their disclosure, according to The Hacker News.
Clandestine rootkit compromise possible with Linux io_uring interface issue Rootkit compromise on Linux systems could remain undetected through the exploitation of a security issue impacting the Linux kernel interface io_uring, according to BleepingComputer.
