{question}
Has SingleStore been affected by CVE-2025-30065?
{question}
{answer}
SingleStore leverages Apache Parquet for certain features related to data loading and pipelines. Exploiting CVE-2025-30065 would require users to load potentially malicious Parquet files from untrusted external sources, leading to parsing by the parquet-avro library. While the likelihood of such exploitation in our context is low, we recognize it is not zero. Therefore, out of an abundance of caution, we have addressed this vulnerability in upcoming releases.
-
Helios customers: No action is required. Your databases have already been patched.
-
Self-managed customers: If you are using features involving data loading or pipelines, we recommend upgrading to the latest patched versions:
-
8.7.31 or later (for the 8.7 series)
-
8.9.19 or later (for the 8.9 series)
-
Note: We strongly advise all customers to stay current with the latest supported versions of our software, under our End-of-Life (EOL) policy.
{answer}