Memory Allocation Flaw in Apache bRPC Redis Protocol Parser
CVE-2025-54472

7.5 HIGH

Key Information:

Vendor: Apache
CVE Published: 14 August 2025

What is CVE-2025-54472?

A memory allocation flaw exists in the Redis protocol parser of Apache bRPC, affecting all versions prior to 1.14.1. An attacker can exploit it by sending specially crafted data packets to the bRPC service, which may crash the service through faulty memory allocation. Version 1.14.0 attempted to address the issue by imposing limits on memory allocation, but that implementation is weak and can be bypassed, so 1.14.0 remains vulnerable. Users should either upgrade to version 1.14.1 or apply the available patch to mitigate this risk.

Affected Version(s)

Apache bRPC 0 < 1.14.1

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tyler Zars