F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers vulnerable to the recently disclosed Apache Parquet vulnerability, CVE-2025-30065.
This vulnerability, which received a maximum CVSS score of 10.0, puts countless data-driven environments at risk due to issues in the popular Apache Parquet Java library’s parquet-avro Maven module.
Understanding CVE-2025-30065
Announced on April 1, 2025, CVE-2025-30065 quickly became a source of widespread concern in enterprise IT circles.
Apache Parquet, a fundamental component in the Hadoop ecosystem and widely used in AI, machine learning, and data analytics pipelines, was found to be exposing servers to risk via its deserialization process.
Specifically, the vulnerability permitted unrestricted Java class references for string parameter coercion, potentially enabling attackers to instantiate arbitrary Java classes, albeit only those with a single-string constructor already present in the server’s classpath.
While the range of exploitation is limited (full remote code execution is not directly possible), the risk remains significant where attackers can coerce the system into instantiating a class with side effects, such as making HTTP requests.

For many organizations, tracing the presence of a vulnerable version of Parquet deep within complex service environments and dependency trees is an arduous and error-prone process.
As a result, even after patches were issued, security teams found it difficult to reliably verify whether mitigation steps had been effective across their infrastructure.
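
As an added illustration of the inventory problem described above (this is not F5 Labs' tool and not code from the article), the following Python sketch looks for copies of parquet-avro buried inside nested JAR/WAR/EAR archives. It assumes the standard Maven metadata path under the org.apache.parquet group ID, and the fixed version is an argument you supply from the Apache advisory, since the article does not state it.

```python
import io
import re
import sys
import zipfile

# Assumption: standard Maven metadata location for org.apache.parquet:parquet-avro.
POM = "META-INF/maven/org.apache.parquet/parquet-avro/pom.properties"
JAR_RE = re.compile(r"(?:^|/)parquet-avro-(\d+(?:\.\d+)*)[^/]*\.jar$")
VERSION_RE = re.compile(r"^version=(\d+(?:\.\d+)*)", re.M)
NESTED = (".jar", ".war", ".ear", ".zip")
MAX_NESTED_BYTES = 256 * 1024 * 1024  # do not unpack oversized nested entries
MAX_DEPTH = 4                         # bound recursion into archives


def _ver(text):
    return tuple(int(part) for part in text.split("."))


def scan_archive(data, label, fixed_version, depth=0):
    """Return (location, version, older_than_fixed) for each parquet-avro copy."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            name, found = info.filename, None
            where = f"{label}!/{name}"
            by_name = JAR_RE.search(name)
            if name == POM:
                # Maven metadata often survives when the library is merged into a fat jar.
                m = VERSION_RE.search(zf.read(info).decode("utf-8", "replace"))
                found = m.group(1) if m else None
            elif by_name:
                found = by_name.group(1)
            elif (name.lower().endswith(NESTED) and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES):
                hits += scan_archive(zf.read(info), where, fixed_version, depth + 1)
            if found:
                hits.append((where, found, _ver(found) < _ver(fixed_version)))
    return hits


if __name__ == "__main__":
    # usage: scan.py <fixed_version_from_advisory> <archive> [<archive> ...]
    for path in sys.argv[2:]:
        with open(path, "rb") as fh:
            for where, version, old in scan_archive(fh.read(), path, sys.argv[1]):
                print("NEEDS-UPDATE" if old else "ok", version, where)
```

A clean result only means no copy was found by file name or Maven metadata; shaded builds that strip both will not be reported.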

To address this gap, researchers at F5 Labs developed and released a “canary exploit” tool, a specialized PoC that generates a crafted Parquet/Avro file to safely test for the vulnerability.
The tool works by attempting to instantiate the javax.swing.JEditorKit class with a string URL argument.
If the targeted system is unpatched, this operation results in an outbound HTTP request, which can be monitored as a detection “canary,” signaling the presence of the vulnerability without causing unintended harm.
The tool is openly available on F5 Labs’ GitHub repository and includes setup instructions for Linux, Windows, and Mac platforms.
“We developed this tool to empower developers and security teams to rapidly, safely, and conclusively determine their exposure to this critical issue,” said the F5 Labs team. “Quick, robust assessments minimize business disruption, particularly in environments with complex or obscure service dependencies.”
Organizations are encouraged to patch vulnerable Parquet libraries and utilize available testing tools to ensure their data processing environments are protected from this and similar vulnerabilities.