![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 69%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECV%3C/text%3E%3C/svg%3E)
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
11,510 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 50%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVR%3C/text%3E%3C/svg%3E)
Hi @Carla Villegas PascoThank you for raising this important security concern.
We are aware of CVE-2025-30065, which affects certain versions of the Apache Parquet library, including version 1.13.1, due to a vulnerability in how metadata is handled.
At this time, Microsoft has not yet released a public security advisory specifically addressing the impact of this CVE on Azure Data Factory (ADF), Microsoft Fabric, or Azure Synapse Analytics.
Current Guidance
- Microsoft continuously evaluates and patches any third-party library vulnerabilities (including Apache libraries) used in our managed services.
- If there is confirmed impact, Microsoft typically publishes advisories via:
- For now, we recommend keeping an eye on the MSRC site and Azure updates for any official statement.
- If your organization has heightened exposure or regulatory needs, you may raise a support ticket through the Azure Portal to get an official position under NDA from Microsoft support or the product team.
I hope this information helps. Please do let us know if you have any further queries.
Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.