PT-2025-28132 · Redis+8 · Redis+8
Julienperriercornet
·
Publicado
2025-07-06
·
Atualizado
2025-10-21
·
CVE-2025-48367
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
Redis versions prior to 8.0.3
Redis versions prior to 7.4.5
Redis versions prior to 7.2.10
Redis versions prior to 6.2.19
Description:
The issue is related to an unauthenticated connection that can cause repeated IP protocol errors, leading to client starvation and a denial of service. It is also described as a DoS flaw where authenticated clients can misuse multi-bulk commands. The estimated number of potentially affected devices worldwide is over 3.4 million.
Recommendations:
For versions prior to 8.0.3, update to version 8.0.3 or later.
For versions prior to 7.4.5, update to version 7.4.5 or later.
For versions prior to 7.2.10, update to version 7.2.10 or later.
For versions prior to 6.2.19, update to version 6.2.19 or later.
As a temporary workaround, consider reinforcing access controls to minimize the risk of exploitation.
Exploit
Correção
RCE
DoS
Allocation of Resources Without Limits
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Almalinux
Centos
Debian
Red Hat
Red Os
Redis
Rocky Linux
Suse