Rust is a multi-paradigm programming language focused on performance and safety, especially safe concurrency.

Rust

In 0.11.0, we overhauled the server-side `Endpoint` implementation to enable
more careful handling of incoming connection attempts. However, some of the
code paths that cleaned up state after connection attempts were processed
confused the initial destination connection ID with the destination connection
ID of a substantial package. This resulted in the internal `Endpoint` state
becoming inconsistent, which could then lead to a panic.
https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f
Thanks to [@finbear](https://github.com/finnbear) for reporting and investingating,
and to [@BiagoFesta](https://github.com/BiagoFesta) for coordinating.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
GHSA-2fjw-whxm-9v4q	CRITICAL	9.3	Rust	nftnl	No	Yes	Nov 25, 2025
CVE-2025-66017	HIGH	8.2	Rust	cggmp21	No	Yes	Nov 25, 2025
GHSA-mj73-j457-8x9q	LOW	2.7	Rust	maxminddb	No	Yes	Dec 02, 2025
GHSA-pq5v-rwp8-p7gm	LOW	2.7	Rust	rtvm-interpreter	No	No	Dec 02, 2025
RUSTSEC-2025-0132	N/A	N/A	Rust	maxminddb	No	Yes	Nov 28, 2025

RUSTSEC-2024-0373:
Rust vulnerability analysis and mitigation

7.5

Related Rust vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

RUSTSEC-2024-0373: Rust vulnerability analysis and mitigation