Related vulnerability
Description
A CVSS 10.0-rated vulnerability in the parquet-avro Java module allows remote code execution via unsafe deserialization when parsing schemas. Tracked as CVE-2025-30065, this flaw affects Apache Parquet ≤ 1.15.0. All users must upgrade to version 1.15.1 immediately to mitigate exploitation risks.
Introduction
# TRAI-001 CVE-2025-30065: Apache Parquet Remote Code Execution (RCE) Exploit Simulator
<p align="center">
<img src="https://github.com/ThreatRadarAI/TRA-001-Critical-RCE-Vulnerability-in-Apache-Parquet-CVE-2025-30065-Simulation-/blob/main/src/TRAI-coverlogo.gif" alt="Project Logo" width="800"/>
</p>

*Simulator interface demonstrating the exploit chain*
## 📌 Overview
This repository contains an **educational simulation** of CVE-2025-30065, a critical Remote Code Execution vulnerability in Apache Parquet. The tool walks through how an attacker could use this flaw to gain full system control, and provides mitigation guidance.

**Key Features:**
- Interactive step-by-step exploit simulation
- Realistic terminal output with logging
- Vulnerability details & mitigation strategies
- Safe, non-malicious environment (no actual exploits)
## 🚨 Vulnerability Details
| Category | Description |
|---------------|-------------|
| **CVE ID** | CVE-2025-30065 |
| **Affected** | Apache Parquet <= 2.9.0 |
| **CVSS Score** | 10.0 (Critical) |
| **Attack Vector** | Malicious Parquet file upload |
| **Impact** | Remote Code Execution → Full System Compromise |
### Technical Root Cause
The vulnerability stems from:
1. Unsafe deserialization of column metadata
2. Lack of input validation in Parquet's Java/Scala readers
3. Arbitrary code execution via crafted thrift objects
## 🖥️ Simulation Components
### 1. Exploit Phases
```
1. Reconnaissance        # Scan for vulnerable services
2. Exploitation          # Deliver malicious Parquet file
3. Privilege Escalation  # Elevate to root/admin
4. Data Exfiltration     # Steal AWS creds, DB data, PII
```
### 2. Code Structure
```
├── app.py              # Flask backend (simulation API)
├── static/
│   ├── script.js       # Terminal & exploit logic
│   └── style.css       # Dark theme styling
├── templates/
│   └── index.html      # Interactive web interface
├── screenshots/        # Demo images
└── README.md
```
## 🛠️ Setup & Usage
### Prerequisites
- Python 3.8+
- Flask
- Bootstrap 5
### Installation
```bash
git clone https://github.com/yourusername/apache-parquet-rce-simulator.git
cd apache-parquet-rce-simulator
pip install flask
```
### Running the Simulator
```bash
python app.py
```
Visit `http://localhost:5000` to launch the interactive simulator.
## 🎮 Demo Walkthrough
1. **Set Target**
   Configure IP (`192.168.1.100`) and port (`8080`)
2. **Execute Phases**
   Click through each attack stage:
   - Initialize → Recon → Exploit → PrivEsc → Exfiltrate
3. **Review Results**
   - Terminal shows realistic exploit output
   - Modal displays stolen data (AWS keys, DB creds, PII)
## 🛡️ Mitigation Strategies
```yaml
1. Patching:
- Upgrade to Apache Parquet >= 1.15.1.
2. Defensive Measures:
- Disable unnecessary Parquet endpoints
- Implement file content validation
- Use network segmentation
3. Detection:
- Monitor for abnormal Parquet file processing
- Alert on thrift deserialization errors
```
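One way to act on the patching item above, as an added example that is not part of this repository: a scanner that walks a directory, also looks inside fat jars and WARs, and flags `parquet-avro` copies older than the fixed 1.15.1 release. It assumes Maven-style jar names (`parquet-avro-<version>.jar`); the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

FIXED = (1, 15, 1)  # first fixed parquet-avro release, per this page
# Assumption: jars follow Maven naming, parquet-avro-<version>[-qualifier].jar
JAR_RE = re.compile(r"^parquet-avro-(\d+(?:\.\d+)*)([-.][\w.\-]+)?\.jar$")

def classify(jar_name):
    """Return 'vulnerable', 'review', 'ok', or None if not a parquet-avro jar."""
    m = JAR_RE.match(jar_name)
    if not m:
        return None
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad "1.15" to (1, 15, 0)
    if nums[:3] < FIXED:
        return "vulnerable"  # 1.15.0 or earlier
    if nums[:3] == FIXED and m.group(2):
        return "review"  # e.g. 1.15.1-SNAPSHOT: confirm the fix is included
    return "ok"

def scan(root):
    """Return sorted (location, status) pairs for jars that are not 'ok'."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix not in {".jar", ".war"}:
            continue
        names = [(str(path), path.name)]
        try:  # fat jars and WARs bundle dependencies as nested .jar entries
            with zipfile.ZipFile(path) as zf:
                names += [(f"{path}!{n}", PurePosixPath(n).name)
                          for n in zf.namelist() if n.endswith(".jar")]
        except zipfile.BadZipFile:
            pass  # unreadable archive; its own file name is still checked
        for location, name in names:
            if classify(name) in ("vulnerable", "review"):
                findings.append((location, classify(name)))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample tree: a patched loose jar and a fat jar with an old copy.
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "parquet-avro-1.15.1.jar").write_bytes(b"")
        with zipfile.ZipFile(Path(tmp) / "app.jar", "w") as zf:
            zf.writestr("BOOT-INF/lib/parquet-avro-1.13.1.jar", b"")
        for location, status in scan(tmp):
            print(status, location)
```

Matching is by file name only, so shaded or renamed copies of the library are not detected; a clean result is a starting point rather than proof of absence.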
## ⚠️ Disclaimer
**This is a simulation tool only.** It demonstrates attack methodology for educational purposes. Never use against real systems without permission.
## 📜 License
NA
---
File snapshot
```
[4.0K] /data/pocs/ac1a4c74314c81fb474103641513c9b2407c7ae5
├── [2.7K] app.py
├── [3.4K] Critical RCE Vulnerability in Apache Parquet (CVE-2025-30065).html
├── [4.0K] exploit_modules
│   ├── [ 12K] cve_2025_30065.py
│   └── [4.0K] __pycache__
│       └── [ 14K] cve_2025_30065.cpython-312.pyc
├── [1.6K] license
├── [3.3K] README.md
├── [4.0K] src
│   ├── [   1] logo
│   ├── [2.4M] TRAI-coverlogo.gif
│   ├── [8.4M] TRAI-logo.gif
│   └── [ 26K] TRAI-logo.jpg
├── [4.0K] static
│   ├── [ 19K] script.js
│   └── [4.1K] styles.css
└── [4.0K] templates
    └── [ 16K] index.html

5 directories, 13 files
```