CVE-2025-48367

Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2	Patch
https://github.com/redis/redis/releases/tag/6.2.19	Release Notes
https://github.com/redis/redis/releases/tag/7.2.10	Release Notes
https://github.com/redis/redis/releases/tag/7.4.5	Release Notes
https://github.com/redis/redis/releases/tag/8.0.3	Release Notes
https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::

History

05 Sep 2025, 15:15

Type	Values Removed	Values Added
First Time		Redis redis Redis
CPE		cpe:2.3:a:redis:redis::::::::
References	~~() https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2 -~~	() https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2 - Patch
References	~~() https://github.com/redis/redis/releases/tag/6.2.19 -~~	() https://github.com/redis/redis/releases/tag/6.2.19 - Release Notes
References	~~() https://github.com/redis/redis/releases/tag/7.2.10 -~~	() https://github.com/redis/redis/releases/tag/7.2.10 - Release Notes
References	~~() https://github.com/redis/redis/releases/tag/7.4.5 -~~	() https://github.com/redis/redis/releases/tag/7.4.5 - Release Notes
References	~~() https://github.com/redis/redis/releases/tag/8.0.3 -~~	() https://github.com/redis/redis/releases/tag/8.0.3 - Release Notes
References	~~() https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq -~~	() https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq - Third Party Advisory

08 Jul 2025, 16:18

Type	Values Removed	Values Added
Summary		(es) Redis es una base de datos en memoria de código abierto que persiste en el disco. Una conexión no autenticada puede causar errores repetidos del protocolo IP, lo que provoca la inactividad del cliente y, en última instancia, una denegación de servicio. Esta vulnerabilidad está corregida en las versiones 8.0.3, 7.4.5, 7.2.10 y 6.2.19.

07 Jul 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-07 16:15

Updated : 2025-09-05 15:15

NVD link : CVE-2025-48367

Mitre link : CVE-2025-48367

CVE.ORG link : CVE-2025-48367

JSON object : View

Products Affected

redis

redis

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

7.5 /10