Vulnerability details: VCID-91p7-6brm-y3br
Vulnerability ID VCID-91p7-6brm-y3br
Aliases CVE-2025-4574
GHSA-pg9f-39pc-qf8g
Summary crossbeam-channel Vulnerable to Double Free on Drop

The internal `Channel` type's `Drop` method has a race which could, in some circumstances, lead to a double-free. This could result in memory corruption.

Quoting from the [upstream description in merge request #1187](https://github.com/crossbeam-rs/crossbeam/pull/1187#issue-2980761131):

> The problem lies in the fact that `discard_all_messages` contained two paths that could lead to `head.block` being read but only one of them would swap the value. This meant that `discard_all_messages` could end up observing a non-null block pointer (and therefore attempting to free it) without setting `head.block` to null. This would then lead to `Channel::drop` making a second attempt at dropping the same pointer.

The bug was introduced while fixing a memory leak, in upstream [MR #1084](https://github.com/crossbeam-rs/crossbeam/pull/1084), first published in 0.5.12. The fix is in upstream [MR #1187](https://github.com/crossbeam-rs/crossbeam/pull/1187) and has been published in 0.5.15.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4574.json
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2025-4574
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2025-4574
ssvc Track https://access.redhat.com/security/cve/CVE-2025-4574
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2025-4574
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2025-4574
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2358890
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2358890
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2358890
cvssv3.1 5.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-pg9f-39pc-qf8g
generic_textual MODERATE https://github.com/crossbeam-rs/crossbeam
cvssv3.1 6.5 https://github.com/crossbeam-rs/crossbeam/pull/1187
generic_textual MODERATE https://github.com/crossbeam-rs/crossbeam/pull/1187
ssvc Track https://github.com/crossbeam-rs/crossbeam/pull/1187
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-4574
generic_textual MODERATE https://rustsec.org/advisories/RUSTSEC-2025-0024.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4574.json
https://access.redhat.com/security/cve/CVE-2025-4574
https://api.first.org/data/v1/epss?cve=CVE-2025-4574
https://bugzilla.redhat.com/show_bug.cgi?id=2358890
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/crossbeam-rs/crossbeam
https://github.com/crossbeam-rs/crossbeam/pull/1187
https://nvd.nist.gov/vuln/detail/CVE-2025-4574
https://rustsec.org/advisories/RUSTSEC-2025-0024.html
1103987 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103987
cpe:/a:redhat:directory_server:11 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11
cpe:/a:redhat:directory_server:12 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/a:redhat:openshift_ai https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ai
cpe:/a:redhat:satellite:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
cpe:/a:redhat:trusted_artifact_signer:1 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_artifact_signer:1
cpe:/a:redhat:trusted_profile_analyzer:2 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_profile_analyzer:2
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
GHSA-pg9f-39pc-qf8g https://github.com/advisories/GHSA-pg9f-39pc-qf8g
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4574.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://access.redhat.com/security/cve/CVE-2025-4574
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:30:44Z/ Found at https://access.redhat.com/security/cve/CVE-2025-4574
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2358890
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:30:44Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2358890
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/crossbeam-rs/crossbeam/pull/1187
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:30:44Z/ Found at https://github.com/crossbeam-rs/crossbeam/pull/1187
Exploit Prediction Scoring System (EPSS)
Percentile 0.17244
EPSS Score 0.00055
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:45.104956+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-pg9f-39pc-qf8g/GHSA-pg9f-39pc-qf8g.json 37.0.0