CVE-2025-4574

🗓️ 13 May 2025 21:47:24Reported by redhatType

Crossbeam-channel has a vulnerability allowing double-free on drop, risking memory corruption.

Reporter	Title	Published	Views	Family All 132
IBM Security Bulletins	Security Bulletin: IBM Edge Data Collector uses crossbeam-channel-0.5.14.crate which is vulnerable to CVE-2025-4574.	3 Nov 202509:28	–	ibm
Tenable Nessus	Azure Linux 3.0 Security Update: azl-compliance / rust (CVE-2025-4574)	11 Jul 202500:00	–	nessus
Tenable Nessus	Fedora 42 : ruff / rust-hashlink / rust-rusqlite (2025-04894ce9bd)	14 Jun 202500:00	–	nessus
Tenable Nessus	Fedora 43 : python-watchfiles (2025-165ec5fe3b)	12 Aug 202500:00	–	nessus
Tenable Nessus	Fedora 42 : rust-az-cvm-vtpm / rust-az-snp-vtpm / rust-az-tdx-vtpm / etc (2025-2408b72979)	25 Sep 202500:00	–	nessus
Tenable Nessus	Fedora 41 : rust-git-interactive-rebase-tool (2025-26640e9e35)	17 Jun 202500:00	–	nessus
Tenable Nessus	Fedora 41 : atuin / awatcher / gotify-desktop / keylime-agent-rust / etc (2025-297c7ac7fe)	25 Jun 202500:00	–	nessus
Tenable Nessus	Fedora 42 : tuigreet (2025-369dc8a50e)	11 Sep 202500:00	–	nessus
Tenable Nessus	Fedora 43 : rust-git-interactive-rebase-tool (2025-3b4c75f23c)	8 Jun 202500:00	–	nessus
Tenable Nessus	Fedora 42 : libkrun / rust-kbs-types / rust-sev / rust-sevctl (2025-4fc3431dab)	14 Jun 202500:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "0.5.12",
        "lessThan": "0.5.15",
        "versionType": "semver"
      }
    ],
    "packageName": "crossbeam-channel",
    "collectionURL": "https://github.com/crossbeam-rs/crossbeam",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 11",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "redhat-ds:11/389-ds-base",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:directory_server:11"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Directory Server 12",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "redhat-ds:12/389-ds-base",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:directory_server:12"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds-base",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "firefox",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "gjs",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rust",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rust-afterburn",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "thunderbird",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "trustee-guest-components",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "firefox",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "thunderbird",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds:1.4/389-ds-base",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds-base",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "firefox",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rpm-ostree",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rust-toolset:rhel8/rust",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "thunderbird",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "389-ds-base",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "firefox",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "librsvg2",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rpm-ostree",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rust",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rust-afterburn",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rust-coreos-installer",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "thunderbird",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "trustee-guest-components",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift AI (RHOAI)",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhoai/odh-feast-operator-rhel8",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift_ai"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift AI (RHOAI)",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhoai/odh-feature-server-rhel8",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift_ai"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "conmon-rs",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "coreos-installer",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "kata-containers",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rpm-ostree",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat OpenShift Container Platform 4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rust-afterburn",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:openshift:4"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python3.12-maturin",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Satellite 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "python-maturin",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:satellite:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Trusted Artifact Signer",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhtas/tuffer-rhel9",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:trusted_artifact_signer:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Trusted Artifact Signer",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhtas/tuftool-rhel9",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:trusted_artifact_signer:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Trusted Profile Analyzer",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhtpa/rhtpa-trustification-service-rhel9",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:trusted_profile_analyzer:1"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Trusted Profile Analyzer",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rhtpa/rhtpa-trustification-service-rhel9",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:trusted_profile_analyzer:2"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/advisories/GHSA-pg9f-39pc-qf8g
access	www.access.redhat.com/security/cve/CVE-2025-4574
github	www.github.com/crossbeam-rs/crossbeam/pull/1187

15 Apr 2026 00:35Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.16.5

EPSS0.00138

SSVC

CWE-415