Memory Consumption Vulnerability in Redis by Redis Labs
CVE-2025-46686

3.5LOW

Key Information:

Vendor: Redis
Status: Redis
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-46686?

Redis, up to version 7.4.3, is vulnerable to a memory consumption issue that can be exploited by authenticated users. This flaw allows attackers to send multi-bulk commands with numerous bulk segments, leading to excessive memory allocation on the server. The server allocates memory for these command arguments even when the commands are not executed due to insufficient permissions. As a result, this vulnerability can result in resource exhaustion, potentially impacting the performance and stability of the Redis service.

Affected Version(s)

Redis 0 <= 8.0.3

References

https://github.com/redis/redis

https://github.com/io-no/CVE-Reports/issues/1

https://github.com/redis/redis/security/advisories/GHSA-2...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Apr 27, 2025