Is KNIME Extension for Big Data File Formats affected by CVE-2025-30065 vulnerability?

atiorile · April 4, 2025, 5:44pm

parquet-java prior to v 1.15.1 is affected by the vulnerability below:

Max severity RCE flaw discovered in widely used Apache Parquet

As far as I know, KNIME Extension for Big Data File Formats v 5.4.0 has parquet-java v 1.14.2. So, it would be affected by the vulnerability above.

However, the vulnerability within parquet-java is specifically located in parquet-avro. I wonder if that means we’d not be affected as long as we don’t deal with Avro files. Could parquet-avro be used for anything beyond processing Avro files?

Please let us know what you think about this parquet-java vulnerability.

sascha.wolke · April 7, 2025, 8:33am

Hi @atiorile,

Can confirm that the Big Data File Formats and the parquet reader do not use parquet-avro, and are not affected by CVE-2025-30065.

atiorile · April 7, 2025, 12:15pm

Thanks for confirming @sascha.wolke!

system · April 14, 2025, 12:15pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.