CVE-2025-48431
Mismatched Memory Management in Apache Thrift c_glib Causes Crash

Publication date: 2026-04-28

Last updated on: 2026-04-28

Assigner: Apache Software Foundation

Description
Mismatched Memory Management Routines vulnerability in the Apache Thrift c_glib language bindings. This issue affects Apache Thrift before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Specially crafted requests can crash a c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message.
Affected Vendors & Products
Vendor    Product    Version / Range
apache    thrift     up to 0.23.0 (0.23.0 excluded)
CWE
CWE-762: The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.
Executive Summary

CVE-2025-48431 is a vulnerability in the Apache Thrift c_glib language bindings affecting versions prior to 0.23.0.

The issue is a Mismatched Memory Management Routines vulnerability, where specially crafted input can cause a c_glib-based Thrift server to crash with a fatal "free(): invalid pointer" error.

The crash stems from memory being released with a deallocation routine that does not match the one used to allocate it (CWE-762), which surfaces as an invalid-pointer error at free time while the server is handling the request.

Impact Analysis

This vulnerability can cause a c_glib-based Thrift server to crash when it processes specially crafted requests.

The crash results in a clean but fatal "free(): invalid pointer" error, which can lead to denial of service by making the server unavailable.

Detection Guidance

This vulnerability causes a c_glib-based Thrift server to crash with a fatal "free(): invalid pointer" error message when it receives specially crafted requests.

Detection can involve monitoring server logs, standard error output, or process crash records for this specific message, which indicates that the server aborted while freeing an invalid pointer.

There are no specific commands provided in the available information to detect this vulnerability directly.

Mitigation Strategies

The recommended immediate mitigation step is to upgrade Apache Thrift to version 0.23.0 or later, as this version contains the fix for the mismatched memory management routines vulnerability.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
