CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-4574: Crossbeam-channel: crossbeam-channel vulnerable to double free on drop

Description

In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

Classification

CVE ID: CVE-2025-4574

Problem Types

Double Free

Affected Products

Vendor:

Product:

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 15.02% (scored less or equal to compared to others)

EPSS Date: 2025-06-11 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4574
https://access.redhat.com/security/cve/CVE-2025-4574
https://bugzilla.redhat.com/show_bug.cgi?id=2358890
https://github.com/crossbeam-rs/crossbeam/pull/1187

Timeline

2025-05-13 22:40:19 UTC
CVE

Crossbeam-channel: crossbeam-channel vulnerable to double free on drop