Race Condition Affecting process_lock package, versions *

Q: How to fix?

There is no fixed version for process_lock .

Threat Intelligence

0.02% (3^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Race Condition vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-RUST-PROCESSLOCK-10442549
published20 Jun 2025
disclosed24 May 2025
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 24 May 2025

CVE-2025-48751 (opens in a new tab) CWE-362 (opens in a new tab)

How to fix?

There is no fixed version for process_lock.

Overview

process_lock is a process lock impl multi process for rust.

Affected versions of this package are vulnerable to Race Condition through the unlock process. An attacker can induce a data race condition by exploiting the lack of proper synchronization mechanisms.

References

GitHub Issue

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Attack Requirements (AT)
Present
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
None
Availability (VA)
Low

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None