## https://sploitus.com/exploit?id=E63DA33B-E0FD-5535-8D2F-CD6F8E5A9D1E
# CVE-2025-30065

This repository illustrates how to exploit CVE-2025-30065 to achieve remote class instantiation and trigger a
network request from within the victim application, i.e. the JVM that reads the Parquet file, thereby achieving SSRF.

The Parquet file generated by [Malicious.java](src%2Fmain%2Fjava%2Fcom%2Fevil%2FMalicious.java) assumes that the class [RCEPayload.java](src%2Fmain%2Fjava%2Fcom%2Fevil%2FRCEPayload.java)
is present on the victim's classpath, which is not realistic. You can trigger that PoC by executing [Reader.java](src%2Fmain%2Fjava%2Fcom%2Fvictim%2FReader.java).

![image.png](images%2Fimage.png)


[MaliciousSSRF.java](src%2Fmain%2Fjava%2Fcom%2Fevil%2FMaliciousSSRF.java) is more feasible from an attacker's perspective: it triggers a network connection, which could target an internal or an external host.
One could also look for other gadgets to achieve RCE; the tricky part is finding a constructor that accepts a single String argument and leads to RCE, since, unlike plain Java deserialization, only such constructors are reachable here.
Similarly, this PoC can be executed using [ReaderSSRF.java](src%2Fmain%2Fjava%2Fcom%2Fvictim%2FReaderSSRF.java).
![image-ssrf.png](images%2Fimage-ssrf.png)
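The vulnerable path, as described above, is class instantiation through a constructor that takes a single String: the reader resolves a class named inside the Parquet file and calls that constructor. As an added triage check (not code from this repository or from the parquet-java project), the Python script below scans a Parquet file's footer for the embedded Avro schema and reports the `java-class`-style properties that name classes to instantiate, which is what a defender would want to run over files arriving in a landing zone before a vulnerable reader touches them. It assumes the standard Parquet footer layout (Thrift FileMetaData, 4-byte little-endian length, `PAR1` magic at both ends) and that parquet-avro stores the writer's Avro schema as JSON under the key-value metadata key `parquet.avro.schema`; the sample "files" are constructed stand-ins that reproduce only that footer shape, not valid Parquet files, and the allow-list of packages is a hypothetical policy to adjust to your own data.

```python
"""Triage scanner: flag Parquet files whose embedded Avro schema names Java classes.

Added example, not code from the PoC repository or from parquet-java.
Assumptions: standard Parquet layout ("PAR1" + payload + Thrift FileMetaData +
4-byte little-endian footer length + "PAR1"), and the Avro schema stored as JSON
under the key "parquet.avro.schema". The "java-class" property on a string type
is what the vulnerable reader turns into Class.forName() plus a String-argument
constructor call.
"""
import json
import re
import struct

MAGIC = b"PAR1"
SCHEMA_KEY = b"parquet.avro.schema"
# Avro reflect/"stringable" properties that name a class to instantiate.
_PROP_RE = re.compile(
    rb'"(java-class|java-key-class|java-element-class)"\s*:\s*"([^"]+)"'
)
# Hypothetical allow-list: packages whose String constructors are expected in
# legitimate schemas (e.g. BigDecimal). Tune for your own data.
DEFAULT_ALLOWED = ("java.lang.", "java.math.")


def read_footer(data: bytes) -> bytes:
    """Return the raw Thrift FileMetaData bytes after validating both magics."""
    if len(data) < 12 or data[:4] != MAGIC or data[-4:] != MAGIC:
        raise ValueError("not a Parquet file (missing PAR1 magic)")
    (footer_len,) = struct.unpack("<I", data[-8:-4])
    if footer_len > len(data) - 12:
        raise ValueError("footer length exceeds file size")
    return data[-8 - footer_len:-8]


def find_java_classes(data: bytes) -> list:
    """List (property, class name) pairs referenced by the embedded Avro schema.

    Thrift's compact protocol stores strings as length-prefixed UTF-8, so the
    JSON schema appears verbatim in the footer and can be matched directly
    without a full Thrift decoder.
    """
    footer = read_footer(data)
    if SCHEMA_KEY not in footer:
        return []  # no Avro schema, so the stringable path is never reached
    return [(p.decode(), c.decode()) for p, c in _PROP_RE.findall(footer)]


def is_suspicious(data: bytes, allowed_prefixes=DEFAULT_ALLOWED) -> bool:
    """True if any referenced class falls outside the allow-listed packages."""
    return any(not c.startswith(allowed_prefixes) for _, c in find_java_classes(data))


def build_sample(schema_json: str) -> bytes:
    """Constructed stand-in for a Parquet file: real magics and footer length,
    placeholder payload, and a footer carrying the schema as raw UTF-8 the way
    Thrift key-value metadata would. Not a valid Parquet file; enough to
    exercise the scanner offline."""
    footer = b"\x00" + SCHEMA_KEY + schema_json.encode() + b"\x00"
    return MAGIC + b"payload" + footer + struct.pack("<I", len(footer)) + MAGIC


# Constructed schemas: a legitimate stringable field and an attacker-chosen class.
BENIGN_SCHEMA = json.dumps({"type": "record", "name": "Row", "fields": [
    {"name": "amount", "type": {"type": "string", "java-class": "java.math.BigDecimal"}}]})
MALICIOUS_SCHEMA = json.dumps({"type": "record", "name": "Row", "fields": [
    {"name": "target", "type": {"type": "string", "java-class": "com.evil.RCEPayload"}}]})


if __name__ == "__main__":
    import sys
    paths = sys.argv[1:]
    samples = {"benign(constructed)": build_sample(BENIGN_SCHEMA),
               "malicious(constructed)": build_sample(MALICIOUS_SCHEMA)}
    for path in paths:
        with open(path, "rb") as f:
            samples[path] = f.read()
    for name, blob in samples.items():
        verdict = "SUSPICIOUS" if is_suspicious(blob) else "ok"
        print(f"{name}: {verdict} {find_java_classes(blob)}")
```

Run it with no arguments to see the two constructed samples classified, or pass real `.parquet` paths to scan them. The byte-level match deliberately avoids loading the file through parquet-avro at all: the point is to decide whether to hand the file to a JVM reader, so the scanner must not itself go through the code path being checked.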

For more details about the internals of the vulnerability and the fix, have a look at my blog post: www.deep-kondah.com/parquet-under-fire-a-technical-analysis-of-cve-2025-30065