Skip to main content

Apache Thrift

1 CVEs product

Monthly

CVE-2025-48431 HIGH PATCH This Week

Remote unauthenticated denial of service in Apache Thrift c_glib language bindings (versions before 0.23.0) allows attackers to crash Thrift servers via specially crafted requests triggering 'free(): invalid pointer' fatal errors. CVSS 7.5 (HIGH) with network vector and low complexity. EPSS score is only 0.02% (4th percentile), indicating very low real-world exploitation probability despite theoretical severity. No active exploitation confirmed (not in CISA KEV); no public POC identified at time of analysis. Vendor-released patch: Apache Thrift 0.23.0.

Denial Of Service Apache Apache Thrift
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote unauthenticated denial of service in Apache Thrift c_glib language bindings (versions before 0.23.0) allows attackers to crash Thrift servers via specially crafted requests triggering 'free(): invalid pointer' fatal errors. CVSS 7.5 (HIGH) with network vector and low complexity. EPSS score is only 0.02% (4th percentile), indicating very low real-world exploitation probability despite theoretical severity. No active exploitation confirmed (not in CISA KEV); no public POC identified at time of analysis. Vendor-released patch: Apache Thrift 0.23.0.

Denial Of Service Apache Apache Thrift
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy