Apache Parquet Java Flaw Opens Door to RCE Attacks

A critical vulnerability has been identified in Apache Parquet Java, an open-source columnar storage format, potentially exposing systems to remote code execution (RCE) attacks. The flaw, tracked as CVE-2025-46762, affects versions 1.15.1 and earlier, according to a disclosure. Attackers could exploit the vulnerability to execute arbitrary code on targeted systems, putting enterprise data and services at risk.

Parquet is widely used in data processing frameworks, and the Java implementation serves as a key component in many analytics pipelines. Security researchers warn that unpatched systems running vulnerable versions may be susceptible to serious compromises if the flaw is actively exploited.

It remains unclear whether any active attacks have been observed in the wild. Organizations using Apache Parquet Java are urged to assess their environments and apply necessary mitigations or updates as soon as they become available. The vulnerability underscores the ongoing risks associated with maintaining outdated open-source software components.