CVE-2025-48367

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 8.0.3 Redis versions prior to 7.4.5 Redis versions prior to 7.2.10 Redis versions prior to 6.2.19

Description: The issue is related to an unauthenticated connection that can cause repeated IP protocol errors, leading to client starvation and a denial of service. It is also described as a DoS flaw where authenticated clients can misuse multi-bulk commands. The estimated number of potentially affected devices worldwide is over 3.4 million.

Recommendations: For versions prior to 8.0.3, update to version 8.0.3 or later. For versions prior to 7.4.5, update to version 7.4.5 or later. For versions prior to 7.2.10, update to version 7.2.10 or later. For versions prior to 6.2.19, update to version 6.2.19 or later. As a temporary workaround, consider reinforcing access controls to minimize the risk of exploitation.