PT-2026-35698 · Apache · Apache Thrift

Hasnain Lakhani

Published

2026-04-28

Updated

2026-04-29

CVE-2025-48431

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Thrift versions prior to 0.23.0

Description Mismatched Memory Management Routines in c glib language bindings allow specially crafted requests to crash a c glib-based Thrift server, resulting in a fatal "free(): invalid pointer" error.

Recommendations Upgrade to version 0.23.0.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-762

Related Identifiers

BIT-THRIFT-2025-48431

CVE-2025-48431

Affected Products

Apache Thrift

PT-2026-35698 · Apache · Apache Thrift

CVE-2025-48431

Weakness Enumeration

Related Identifiers

Affected Products

References · 13