Memory Consumption Vulnerability in Redis by Redis Labs
CVE-2025-46686

3.5LOW

Key Information:

Vendor: Redis
Status: Redis
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-46686?

Redis, up to version 7.4.3, is vulnerable to a memory consumption issue that can be exploited by authenticated users. This flaw allows attackers to send multi-bulk commands with numerous bulk segments, leading to excessive memory allocation on the server. The server allocates memory for these command arguments even when the commands are not executed due to insufficient permissions. As a result, this vulnerability can result in resource exhaustion, potentially impacting the performance and stability of the Redis service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Redis 0 <= 8.0.3

References

https://github.com/redis/redis

https://github.com/io-no/CVE-Reports/issues/1

https://github.com/redis/redis/security/advisories/GHSA-2...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Apr 27, 2025

JSON

Redis

What is CVE-2025-46686?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.