CVE-2018-25025
Description
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A lifetime extension vulnerability in actix-web before 0.7.15 allows memory corruption via unsound string handling.
Vulnerability
The actix-web crate for Rust, before version 0.7.15, contains a memory safety issue where the code unsoundly extends the lifetime of a string, leading to memory corruption [1][3]. This vulnerability is part of a set of multiple memory safety issues reported in the crate [3].
Exploitation
The exact exploitation mechanism is not detailed in the available references; however, the vulnerability is reachable through normal HTTP request handling in affected versions, potentially without authentication [3]. The unsound lifetime extension can be triggered by crafting specific inputs that cause the library to incorrectly extend a string's lifetime.
Impact
Successful exploitation can result in memory corruption, which may lead to arbitrary code execution, information disclosure, or denial of service [3]. The RustSec advisory categorizes this as a memory-corruption vulnerability [3].
Mitigation
The issue is fixed in actix-web version 0.7.15 and later [3]. Users should upgrade to at least 0.7.15 to remediate the vulnerability. No workarounds are documented, and the CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| actix-web (crates.io) | < 0.7.15 | 0.7.15 |
Affected products
- actix-web/actix-web
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-fgfm-hqjw-3265 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-25025 (ghsa, ADVISORY)
- github.com/actix/actix-web/issues/289 (ghsa, WEB)
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/actix-web/RUSTSEC-2018-0019.md (ghsa, x_refsource_MISC, WEB)
- rustsec.org/advisories/RUSTSEC-2018-0019.html (ghsa, x_refsource_MISC, WEB)