Medium severity6.5NVD Advisory· Published May 13, 2025· Updated Apr 15, 2026

CVE-2025-4574

Description

In crossbeam-channel rust crate, the internal Channel type's Drop method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
crossbeam-channelcrates.io	>= 0.5.12, < 0.5.15	0.5.15

Patches

596df785c0e6

https://github.com/crossbeam-rs/crossbeamvia osv

PR #1187

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-pg9f-39pc-qf8gnvdADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-4574ghsaADVISORY
access.redhat.com/security/cve/CVE-2025-4574nvdWEB
bugzilla.redhat.com/show_bug.cginvdWEB
github.com/crossbeam-rs/crossbeam/pull/1187nvdWEB
rustsec.org/advisories/RUSTSEC-2025-0024.htmlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000