CVE-2026-25087 — Use After Free in Apache Arrow

CWE-416 — Use After Free CWE-825 — Expired Pointer Dereference7 documents7 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 87.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Arrow Apache Software Foundation Apache Arrow

Timeline

PublishedFeb 17

Description

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file contains data with variadic buffers (such as Binary View and String View data). Depending on the number of variadic buffers in a record batch column and on the temporal sequence of multi-threaded IO, a write to a dangling pointer could occur. The value (a `std::shar…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 2.2 | Impact: 4.7

Affected Packages2 packages

▶NVDapache/arrow15.0.0 — 23.0.1

▶CVEListV5apache_software_foundation/apache_arrow15.0.0 — 23.0.0

Patches

Patch: github.com ↗

🔴Vulnerability Details

CVEList

Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering↗2026-02-17

▶

GHSA

GHSA-rgxp-2hwp-jwgg: Use After Free vulnerability in Apache Arrow C++↗2026-02-17

▶

OSV

CVE-2026-25087: Use After Free vulnerability in Apache Arrow C++↗2026-02-17

▶

📋Vendor Advisories

Red Hat

apache-arrow: Apache Arrow C++: Denial of Service via Use After Free vulnerability when reading IPC files↗2026-02-17

▶

Debian

CVE-2026-25087: apache-arrow - Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arr...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-25087 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶