CVE-2025-4574: Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
Security readout for executives and security teams
Plain-English summary
This flaw is a memory-safety bug in the Rust crossbeam-channel crate. A race during cleanup can double-free memory, potentially causing corruption or crashes. Business impact is most relevant where affected versions are bundled into Red Hat packages or internal Rust software. The bundle does not show confirmed exploitation.
Executive priority
Treat this as a moderate-priority dependency and platform remediation issue. It is not listed as known exploited, but memory corruption in widely reused components deserves timely inventory, vendor tracking, and routine patch scheduling.
Technical view
CVE-2025-4574 affects crossbeam-channel 0.5.12. The internal Channel Drop implementation has a race condition that can lead to double free, classified as CWE-415. CVSS 3.1 is 6.5 with network attack vector, no privileges, no user interaction, and low integrity and availability impact.
Likely exposure
Exposure is likely through software that embeds crossbeam-channel 0.5.12 or affected Red Hat packages. The bundle lists multiple Red Hat Enterprise Linux packages as affected, including firefox, thunderbird, rust, 389-ds-base, rust-afterburn, and trustee-guest-components in specified releases.
Exploitation context
The source bundle marks KEV as false and provides no cited evidence of active exploitation. The CVSS vector suggests remote reachability in some affected products, but the bundle does not define a complete exploit path, prerequisites inside applications, or real-world abuse.
Researcher notes
Evidence is strongest for the crate-level double-free race and Red Hat product impact. The bundle does not provide exploit details or a named patched version, so remediation should stay tied to upstream GHSA, the referenced pull request, and Red Hat advisories.
Mitigation direction
Inventory Rust dependencies for crossbeam-channel 0.5.12 in applications and vendored source.
Check Red Hat CVE guidance and errata for each listed affected package.
Follow the GitHub advisory and upstream pull request for confirmed fixed versions.
Prioritize vendor-supported package updates over local source edits.
Where no fix is available, reduce exposure of affected services and monitor vendor updates.
Validation and detection
Confirm whether SBOMs or lockfiles include crossbeam-channel 0.5.12.
Map affected Red Hat package names to deployed RHEL versions.
Review vendor status for unaffected versus affected package entries before remediation.
Verify updates replace or remove the vulnerable crate version.
Monitor advisories for changes in exploit status or patched versions.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-415: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The affected technology mentions containers, so container-specific ATT&CK technique review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.