PT-2025-32668 · Apache · Apache Brpc
Tyler Zars · Published 2025-08-12 · Updated 2025-09-17 · CVE-2025-54472
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Apache bRPC versions prior to 1.14.1
Description:
A flaw in the Redis parser within Apache bRPC allows unauthenticated remote attackers to crash services by triggering unlimited memory allocation. The flaw is reachable through network communication with the service. Approximately 103 potentially affected devices have been identified.
Recommendations:
Update to version 1.14.1.
Fix · DoS · Resource Exhaustion · Integer Overflow
Affected Products
Apache Brpc