CVE-2025-30065 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
apache	CNA	---				---
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 47%

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Vulnerability Media Exposure

[GERMAN] IBM DB2: Mehrere Schwachstellen
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuführen, oder beliebigen Programmcode auszuführen.
Published: 2025-05-29T22:00:00+00:00
[GERMAN] Schadcode-Attacken auf IBM Db2 und Tivoli Monitoring möglich
Angreifer können IBM Db2 und Tivoli Monitoring attackieren. Sicherheitsupdates schließen mehrere Schwachstellen.
Published: 2025-05-30T11:31:00+00:00

References

https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5

http://www.openwall.com/lists/oss-security/2025/04/01/1

https://access.redhat.com/security/cve/CVE-2025-30065

https://github.com/apache/parquet-java/pull/3169

https://news.ycombinator.com/item?id=43603091

https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/

https://github.com/h3st4k3r/CVE-2025-30065/blob/main/POC-CVE-2025-30065-ParquetExploitGenerator.java

https://github.com/mouadk/parquet-rce-poc-CVE-2025-30065/blob/main/src/main/java/com/evil/GenerateMaliciousParquetSSRF.java