CVE-2025-48367

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-48367
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48367.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-48367
Aliases
Downstream
Related
Published
2025-07-07T15:25:47Z
Modified
2025-11-09T19:54:34.187192Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Redis DoS Vulnerability due to bad connection error handling
Details

Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.

Database specific 
{
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
e91a340e241cf0abe3c6a0c254214fbe4aa1d95f
Fixed
b49d5c0cf4e96a277d4b4e98f61d10c792b37003
Database specific 
{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.0.3"
        }
    ]
}
Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
4606f91d5e31f69e8dadcf4125f386da6f942673
Fixed
7e0f53393290f7c1f35596117b67748efad16580
Database specific 
{
    "versions": [
        {
            "introduced": "7.4-rc1"
        },
        {
            "fixed": "7.4.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc
Fixed
5a752e19782b9f8f80c7ef85e21cb47647954f09
Database specific 
{
    "versions": [
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.2.10"
        }
    ]
}
Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fa00bd2fff1533ad6e8483d9ce8868f383df2fbb
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.2.19"
        }
    ]
}

Affected versions

1.*

1.3.6

2.*

2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0

3.*

3.0-alpha0

6.*

6.2-rc1
6.2-rc2
6.2-rc3
6.2.0
6.2.1
6.2.10
6.2.11
6.2.12
6.2.13
6.2.14
6.2.15
6.2.16
6.2.17
6.2.18
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9

7.*

7.4-rc1
7.4-rc2
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4

8.*

8.0.0
8.0.1
8.0.1-int
8.0.2

v1.*

v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9

v2.*

v2.0.0-rc1
v2.1.1-watch

Other

vm-playpen
with-deprecated-diskstore