Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 05 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00028}

epss

{'score': 0.00041}


Mon, 14 Jul 2025 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00021}

epss

{'score': 0.00028}


Mon, 07 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 07 Jul 2025 15:45:00 +0000

Type Values Removed Values Added
Description Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
Title Redis DoS Vulnerability due to bad connection error handling
Weaknesses CWE-770
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-07-07T15:39:11.003Z

Reserved: 2025-05-19T15:46:00.394Z

Link: CVE-2025-48367

cve-icon Vulnrichment

Updated: 2025-07-07T15:38:57.602Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-07T16:15:24.063

Modified: 2025-09-05T15:15:14.377

Link: CVE-2025-48367

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-07-07T15:25:47Z

Links: CVE-2025-48367 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T21:47:24Z