CVE-2025-48367 in Redis
Summary
by MITRE • 07/07/2025
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 11/26/2025
Redis represents a widely deployed in-memory data structure store that serves as both a database and cache system across numerous enterprise environments. The vulnerability identified as CVE-2025-48367 specifically targets the protocol handling mechanisms within Redis implementations. This flaw manifests when unauthenticated connections attempt to establish communication with the Redis server, triggering a sequence of IP protocol errors that cascade through the network stack. The affected versions of Redis fail to properly validate or handle malformed connection attempts, creating a condition where repeated protocol violations can accumulate and consume system resources.
The technical execution of this vulnerability involves the exploitation of insufficient input validation within Redis's network protocol parser. When an unauthenticated client connects to a Redis instance, the server processes the initial connection handshake and subsequent protocol commands without adequate sanitization of malformed data. This deficiency allows attackers to craft specific connection patterns that repeatedly trigger IP protocol error conditions within the Redis server's processing pipeline. The vulnerability operates at the network protocol level, leveraging the fundamental TCP/IP stack behaviors to create resource exhaustion conditions.
The operational impact of CVE-2025-48367 extends beyond simple service disruption to create a systematic degradation of Redis server performance. Client starvation occurs as the server becomes overwhelmed with processing protocol errors rather than serving legitimate requests. This resource consumption pattern effectively transforms the Redis instance into a denial of service target where legitimate clients cannot establish connections or receive responses in a timely manner. The vulnerability particularly affects systems where Redis is deployed without proper authentication mechanisms or access controls, creating a vector for automated exploitation.
This vulnerability maps to CWE-129, which addresses improper validation of input boundaries, and aligns with ATT&CK technique T1499.004 for network denial of service attacks. The attack surface is particularly concerning given Redis's widespread deployment in cloud environments and microservices architectures where multiple applications depend on Redis for data persistence and caching. Organizations utilizing Redis in production environments should prioritize patching to versions 8.0.3, 7.4.5, 7.2.10, and 6.2.19, as these releases contain the necessary protocol validation fixes. Network segmentation and firewall rules should be implemented to restrict direct access to Redis instances from untrusted networks, while enabling authentication mechanisms remains critical for protecting against unauthorized access attempts that could trigger this vulnerability.