CVE-2025-4574

Published: May 13, 2025Modified: Mar 26, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.5

Source: secalert@redhat.com (Secondary)

Description

In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (4)

https://access.redhat.com/security/cve/CVE-2025-4574

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2358890

Source: secalert@redhat.com

https://github.com/advisories/GHSA-pg9f-39pc-qf8g

Source: secalert@redhat.com

https://github.com/crossbeam-rs/crossbeam/pull/1187

Source: secalert@redhat.com

Timeline

No history available yet.