Apache Thrift CVE-2025-48431

EUVD-2025-209581 | HIGH
Mismatched Memory Management Routines (CWE-762)
2026-04-28 | apache
CVSS 3.1 base score: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Apr 28, 2026 - 18:40, nvd: Patch released (Patch available)
Apr 28, 2026 - 16:37, vuln.today: Re-analysis Queued (cvss_changed)
Apr 28, 2026 - 15:23, vuln.today: Analysis Generated
Apr 28, 2026 - 15:22, NVD: CVSS changed (7.5 HIGH)
Apr 28, 2026 - 11:01, EUVD: Patch available
Apr 28, 2026 - 10:00, euvd: EUVD ID Assigned (EUVD-2025-209581)
Apr 28, 2026 - 10:00, vuln.today: Analysis Generated
Apr 28, 2026 - 09:11, nvd: CVE Published (HIGH 7.5)

Description (NVD)

Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings.

This issue affects Apache Thrift: before 0.23.0.

Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Description: Specially crafted requests can crash a c_glib-based Thrift server with a clean but fatal "free(): invalid pointer" error message.

Analysis (AI)

Remote unauthenticated denial of service in Apache Thrift c_glib language bindings (versions before 0.23.0) allows attackers to crash Thrift servers via specially crafted requests triggering 'free(): invalid pointer' fatal errors. CVSS 7.5 (HIGH) with network vector and low complexity. EPSS score is only 0.02% (4th percentile), indicating very low real-world exploitation probability despite theoretical severity. No active exploitation confirmed (not in CISA KEV); no public POC identified at time of analysis. Vendor-released patch: Apache Thrift 0.23.0.

Technical Context (AI)

Apache Thrift is a cross-language RPC framework for scalable services. The c_glib language bindings provide GLib-based C implementations for Thrift servers. This vulnerability stems from CWE-762 (Mismatched Memory Management Routines), where memory allocated via one method is freed using an incompatible function. The specific CPE (cpe:2.3:a:apache_software_foundation:apache_thrift) identifies all Apache Thrift versions prior to 0.23.0 when using c_glib bindings. Because the pointer handed to the deallocator did not come from the matching allocator, glibc's heap consistency checks reject it during request processing and abort the process with the 'free(): invalid pointer' error, a clean but fatal crash.

Remediation (AI)

Upgrade to Apache Thrift version 0.23.0 or later, which contains the fix for mismatched memory management in c_glib bindings. Download from official Apache Thrift releases and verify checksums. Full vendor advisory with upgrade instructions available at https://lists.apache.org/thread/lb4j0zyd5f3g36cos0wql925przpnwql. If immediate upgrade is not feasible, implement network-level compensating controls: deploy rate limiting on Thrift endpoints to mitigate DoS impact (reduces attacker's ability to sustain crashes but does not prevent individual crashes); restrict Thrift server access to trusted networks only via firewall rules (eliminates remote attack vector but breaks internet-facing services); deploy monitoring for 'free(): invalid pointer' crashes with automatic service restart (maintains availability but does not prevent exploitation). Workaround trade-offs: rate limiting may impact legitimate high-volume clients; network restrictions require VPN/allowlist management overhead; auto-restart creates brief service interruptions and may mask ongoing attacks. Migration to a non-c_glib language binding (if application architecture permits) provides complete mitigation but requires code refactoring.
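The crash-monitoring control above is only useful if it also surfaces the restart cycling it would otherwise mask. The following is an added example, not code from the page or from the Thrift project: it parses constructed journald-style lines (the unit name "thrift-server" is a hypothetical placeholder), extracts glibc 'free(): invalid pointer' aborts, and flags a host/process whose aborts cluster inside a sliding window, which is the signature of sustained crashing behind auto-restart.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed journald-style sample (not real logs); "thrift-server" is a hypothetical unit name.
SAMPLE_LOG = """\
Apr 28 10:00:02 host1 thrift-server[1201]: free(): invalid pointer
Apr 28 10:00:03 host1 systemd[1]: thrift-server.service: Scheduled restart job, restart counter is at 1.
Apr 28 10:00:09 host1 thrift-server[1233]: free(): invalid pointer
Apr 28 10:00:10 host1 systemd[1]: thrift-server.service: Scheduled restart job, restart counter is at 2.
Apr 28 10:00:17 host1 thrift-server[1260]: free(): invalid pointer
Apr 28 10:00:18 host1 systemd[1]: thrift-server.service: Scheduled restart job, restart counter is at 3.
Apr 28 11:30:00 host1 thrift-server[1301]: free(): invalid pointer
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<proc>[^\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CRASH_MARKER = "free(): invalid pointer"  # glibc abort text quoted in the advisory

def parse_crashes(text, year=2026):
    """Return (timestamp, host, process, pid) for each glibc abort line."""
    crashes = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or CRASH_MARKER not in m["msg"]:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        crashes.append((ts, m["host"], m["proc"].strip(), int(m["pid"])))
    return crashes

def crash_bursts(crashes, window=timedelta(minutes=5), threshold=3):
    """Per host/process: total aborts, densest count in any sliding window, and
    distinct PIDs. Repeated aborts with fresh PIDs inside one window means the
    restart loop is cycling, which a bare auto-restart would otherwise hide."""
    per_service = defaultdict(list)
    for ts, host, proc, pid in crashes:
        per_service[(host, proc)].append((ts, pid))
    alerts = {}
    for key, events in per_service.items():
        events.sort()
        times = [t for t, _ in events]
        worst, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        alerts[key] = {"total": len(events), "max_in_window": worst,
                       "distinct_pids": len({p for _, p in events}),
                       "burst": worst >= threshold}
    return alerts
```

On the sample, the three aborts within fifteen seconds trip the burst flag while the isolated abort ninety minutes later does not, so an alert fires on the pattern rather than on every single restart.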

CVE-2025-48431 vulnerability details – vuln.today