PT-2025-30614 · Redis+2 · Redis+2

Io-No · Published 2025-07-23 · Updated 2025-09-25 · CVE-2025-46686

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Redis versions through 7.4.3

Description

Redis allows excessive memory consumption via a multi-bulk command consisting of numerous bulks sent by an authenticated user. The server allocates memory for command arguments for each bulk, even if the command is skipped due to insufficient permissions.

Recommendations

Update to a version beyond 7.4.3.

Exploit

Fix

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2025-09083
BIT-KEYDB-2025-46686
BIT-REDIS-2025-46686
BIT-VALKEY-2025-46686
CVE-2025-46686
GHSA-2R7G-8HPC-RPQ9

Affected Products

Debian
Red Os
Redis