🟠 High | Source: Microsoft Security Response Center
CVE-2025-4574 is a memory safety vulnerability in the Rust crate ‘crossbeam-channel’, a widely used concurrency library. The flaw can trigger a double-free error when a channel is dropped under certain conditions, potentially leading to memory corruption or exploitable crashes. This matters because crossbeam-channel is a common dependency in Rust-based cloud services and infrastructure tooling, including components within the Azure ecosystem.
Security Architect’s Take: Audit your Rust-based services and Azure workloads for direct or transitive dependencies on crossbeam-channel and update to the patched version immediately. Pay particular attention to multi-threaded services where channel drop behaviour could be triggered under production load.
Original advisory: CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop