Denial of Service Vulnerability Found in Redis Open Source In-Memory Database
CVE-2025-48367
What is CVE-2025-48367?
CVE-2025-48367 is a vulnerability in Redis, the open-source in-memory database widely used for fast data retrieval and processing. The flaw is that an unauthenticated connection can trigger repeated IP protocol errors, leading to client starvation. Under those conditions the database becomes unavailable to legitimate users, i.e. a denial of service (DoS). Because no valid credentials are needed to trigger it, the vulnerability poses a risk to any organization that relies on Redis for real-time data access and operations.
Potential impact of CVE-2025-48367
- Denial of Service (DoS): The primary impact is loss of availability: legitimate clients cannot reach the Redis service, interrupting business operations and any application that depends on Redis for data storage and retrieval.
- Operational Disruption: Organizations running Redis may experience significant operational disruption because critical data becomes unreachable, degrading application performance and the user experience of every service that depends on the database.
- Increased Security Risks: The vulnerability does not allow remote code execution, but because it is reachable without authentication it may invite further attack attempts, potentially giving threat actors an opening to exploit other weaknesses in the system and widen the compromise beyond the Redis database itself.
Affected Version(s)
redis >= 8.0.0, < 8.0.3 (unaffected: < 8.0.0, 8.0.3)
redis >= 7.4-rc1, < 7.4.5 (unaffected: < 7.4-rc1, 7.4.5)
redis >= 7.0.0, < 7.2.10 (unaffected: < 7.0.0, 7.2.10)
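As an added example (not part of the original advisory or of the Redis project), the following script encodes the affected ranges above and classifies a Redis version string, handling the `7.4-rc1` release-candidate form. The `SAMPLE_INFO` text is a constructed fragment of `INFO server` output, not captured from a real host.

```python
import re
from typing import Tuple

# Affected ranges as published for CVE-2025-48367 (lower bound inclusive, upper bound exclusive).
AFFECTED_RANGES = [
    ("8.0.0", "8.0.3"),
    ("7.4-rc1", "7.4.5"),
    ("7.0.0", "7.2.10"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?$")

def parse_version(v: str) -> Tuple[int, int, int, int, int]:
    """Turn a Redis version string into a sortable tuple.

    Release candidates sort below the final release of the same number:
    7.4-rc1 -> (7, 4, 0, 0, 1), 7.4.0 -> (7, 4, 0, 1, 0).
    """
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised Redis version: {v!r}")
    major, minor, patch, rc = m.groups()
    is_final = 0 if rc else 1
    return (int(major), int(minor), int(patch or 0), is_final, int(rc or 0))

def is_affected(version: str) -> bool:
    """True if `version` falls inside any published affected range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)

def check_info_output(info: str) -> Tuple[str, bool]:
    """Extract redis_version from `INFO server` output and classify it."""
    for line in info.splitlines():
        if line.startswith("redis_version:"):
            version = line.split(":", 1)[1].strip()
            return version, is_affected(version)
    raise ValueError("redis_version not found in INFO output")

# Constructed sample of the relevant lines from `INFO server`, not captured from a real host.
SAMPLE_INFO = "# Server\r\nredis_version:7.2.4\r\nredis_mode:standalone\r\n"

if __name__ == "__main__":
    version, affected = check_info_output(SAMPLE_INFO)
    print(f"redis {version}: {'AFFECTED, upgrade' if affected else 'not in an affected range'}")
```

Feed it the real output of `redis-cli INFO server` from each instance in your inventory to find the ones that still need to be moved to 7.2.10, 7.4.5 or 8.0.3.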