{"schema_version": "1.6.1", "id": "CVE-2025-30065", "summary": "Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata", "details": "Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code\n\n\nUsers are recommended to upgrade to version 1.15.1, which fixes the issue.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"last_affected": "0"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5"}]}