Mismatched Memory Management Routines Vulnerability in Apache Thrift by Apache
CVE-2025-48431

Currently unrated

Key Information:

Vendor

Apache

CVE Published:
28 April 2026

What is CVE-2025-48431?

A vulnerability exists in the c_glib language bindings of Apache Thrift: a specially crafted request can crash the Thrift server with a fatal 'free(): invalid pointer' error. Users are strongly advised to upgrade to version 0.23.0 or later to mitigate this issue and ensure stable server operations.

Affected Version(s)

Apache Thrift: versions from 0 up to, but not including, 0.23.0

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hasnain Lakhani