CVE-2025-48367

CVE-2025-48367

Name

CVE-2025-48367

Description

Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2
MISC	https://github.com/redis/redis/releases/tag/6.2.19
MISC	https://github.com/redis/redis/releases/tag/7.2.10
MISC	https://github.com/redis/redis/releases/tag/7.4.5
MISC	https://github.com/redis/redis/releases/tag/8.0.3
CONFIRM	https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq

Type

URI

MISC

https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2

MISC

https://github.com/redis/redis/releases/tag/6.2.19

MISC

https://github.com/redis/redis/releases/tag/7.2.10

MISC

https://github.com/redis/redis/releases/tag/7.4.5

MISC

https://github.com/redis/redis/releases/tag/8.0.3

CONFIRM

https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq

Match rules

CPE URI	Source package	Min version	Max version
	redis	>= 8.0.0	< 8.0.3
	redis	>= 7.4-rc1	< 7.4.5
	redis	>= 7.0.0	< 7.2.10
	redis	>= 0	< 6.2.19
`cpe:2.3:a:redis:redis::::::::`	redis	>= None	< 6.2.19
`cpe:2.3:a:redis:redis::::::::`	redis	>= 7.0	< 7.2.10
`cpe:2.3:a:redis:redis::::::::`	redis	>= 7.4.0	< 7.4.5

CPE URI

Source package

Min version

Max version

redis

>= 8.0.0

< 8.0.3

redis

>= 7.4-rc1

< 7.4.5

redis

>= 7.0.0

< 7.2.10

redis

>= 0

< 6.2.19

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

redis

>= None

< 6.2.19

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

redis

>= 7.0

< 7.2.10

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

redis

>= 7.4.0

< 7.4.5

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
valkey	edge-main	8.1.1-r2	Jakub Jirutka <jakub@jirutka.cz>	fixed
valkey	3.22-main	8.1.1-r2	Jakub Jirutka <jakub@jirutka.cz>	fixed
valkey	3.21-main	7.2.11-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
valkey	3.20-main	7.2.11-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
redis	edge-main	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.3-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.2-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.1-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.0-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.12-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.11-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.10-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.10-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.9-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.8-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.6-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.6-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.0-r0	None	possibly vulnerable
redis	edge-main	6.0.3-r0	None	possibly vulnerable
redis	edge-main	5.0.8-r0	None	possibly vulnerable
redis	edge-main	5.0.4-r0	None	possibly vulnerable
redis	edge-community	8.0.3-r0	fossdd <fossdd@pwned.life>	fixed
redis	edge-community	8.0.2-r0	fossdd <fossdd@pwned.life>	fixed
redis	edge-community	8.0.1-r0	fossdd <fossdd@pwned.life>	fixed
redis	edge-community	8.0.0-r0	fossdd <fossdd@pwned.life>	fixed
redis	edge-community	7.2.7-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	edge-community	7.2.5-r2	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	edge-community	7.2.5-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.4-r0	None	possibly vulnerable
redis	edge-community	7.2.2-r0	None	possibly vulnerable
redis	edge-community	7.2.1-r0	None	possibly vulnerable
redis	edge-community	7.0.12-r0	None	possibly vulnerable
redis	edge-community	7.0.8-r0	None	possibly vulnerable
redis	edge-community	7.0.6-r0	None	possibly vulnerable
redis	edge-community	7.0.5-r0	None	possibly vulnerable
redis	edge-community	7.0.4-r0	None	possibly vulnerable
redis	edge-community	6.2.7-r0	None	possibly vulnerable
redis	edge-community	6.2.6-r0	None	possibly vulnerable
redis	edge-community	6.2.5-r0	None	possibly vulnerable
redis	edge-community	6.2.4-r0	None	possibly vulnerable
redis	edge-community	6.2.0-r0	None	possibly vulnerable
redis	edge-community	6.0.3-r0	None	possibly vulnerable
redis	edge-community	5.0.8-r0	None	possibly vulnerable
redis	edge-community	5.0.4-r0	None	possibly vulnerable
redis	3.22-community	8.0.3-r0	fossdd <fossdd@pwned.life>	fixed
redis	3.22-community	8.0.2-r0	None	fixed
redis	3.22-community	8.0.0-r0	None	fixed
redis	3.22-community	7.2.9-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	3.22-community	7.2.7-r0	None	possibly vulnerable
redis	3.22-community	7.2.5-r1	None	possibly vulnerable
redis	3.22-community	7.2.4-r0	None	possibly vulnerable
redis	3.22-community	7.2.2-r0	None	possibly vulnerable
redis	3.22-community	7.2.1-r0	None	possibly vulnerable
redis	3.22-community	7.0.12-r0	None	possibly vulnerable
redis	3.22-community	7.0.8-r0	None	possibly vulnerable
redis	3.22-community	7.0.6-r0	None	possibly vulnerable
redis	3.22-community	7.0.5-r0	None	possibly vulnerable
redis	3.22-community	7.0.4-r0	None	possibly vulnerable
redis	3.22-community	6.2.7-r0	None	possibly vulnerable
redis	3.22-community	6.2.6-r0	None	possibly vulnerable
redis	3.22-community	6.2.5-r0	None	possibly vulnerable
redis	3.22-community	6.2.4-r0	None	possibly vulnerable
redis	3.22-community	6.2.0-r0	None	possibly vulnerable
redis	3.22-community	6.0.3-r0	None	possibly vulnerable
redis	3.22-community	5.0.8-r0	None	possibly vulnerable
redis	3.22-community	5.0.4-r0	None	possibly vulnerable
redis	3.19-main	7.2.9-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.8-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.3-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.2-r0	None	possibly vulnerable
redis	3.19-main	7.2.1-r0	None	possibly vulnerable
redis	3.19-main	7.0.12-r0	None	possibly vulnerable
redis	3.19-main	7.0.8-r0	None	possibly vulnerable
redis	3.19-main	7.0.6-r0	None	possibly vulnerable
redis	3.19-main	7.0.5-r0	None	possibly vulnerable
redis	3.19-main	7.0.4-r0	None	possibly vulnerable
redis	3.19-main	6.2.7-r0	None	possibly vulnerable
redis	3.19-main	6.2.6-r0	None	possibly vulnerable
redis	3.19-main	6.2.5-r0	None	possibly vulnerable
redis	3.19-main	6.2.4-r0	None	possibly vulnerable
redis	3.19-main	6.2.0-r0	None	possibly vulnerable
redis	3.19-main	6.0.3-r0	None	possibly vulnerable
redis	3.19-main	5.0.8-r0	None	possibly vulnerable
redis	3.19-main	5.0.4-r0	None	possibly vulnerable
redict	edge-community	7.3.3-r2	fossdd <fossdd@pwned.life>	fixed
redict	3.22-community	7.3.3-r2	fossdd <fossdd@pwned.life>	fixed

Source package

Branch

Version

Maintainer

Status

valkey

edge-main

8.1.1-r2

Jakub Jirutka <jakub@jirutka.cz>

fixed

valkey

3.22-main