How to fix CVE-2025-48367?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Is Redis affected by CVE-2025-48367?

Organizations using Redis face notable risk from CVE-2025-48367 rated CVSS 7.5. Exploitation could compromise the security of affected deployments. A patch is available and should be applied as part of regular vulnerability management.

CVE-2025-48367

EUVD-2025-20232 HIGH

2025-07-07 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 03:37 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 03:37 euvd

EUVD-2025-20232

Patch Released

Mar 16, 2026 - 03:37 nvd

Patch available

CVE Published

Jul 07, 2025 - 16:15 nvd

HIGH 7.5

Description

Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.

Analysis

Technical Context

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Allocation of Resources Without Limits or Throttling (CWE-770).

Affected Products

Affected products: Redis Redis

Remediation

A vendor patch is available — apply it immediately. Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

Vendor Status

Ubuntu

Priority: Medium

redict

Release	Status	Version
jammy	DNE	-
noble	DNE	-
upstream	needs-triage	-
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage	-

valkey

Release	Status	Version
jammy	DNE	-
noble	needs-triage	-
upstream	needs-triage	-
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage	-

redis

Release	Status	Version
oracular	ignored	end of life, was needs-triage
bionic	needed	-
focal	needed	-
jammy	needed	-
noble	needed	-
trusty	needed	-
upstream	released	8.0.3, 7.4.5, 7.2.10, 6.2.19
xenial	needed	-
plucky	ignored	end of life, was needed
questing	needed	-

Debian

Bug #1108980

redict

Release	Status	Fixed Version	Urgency
forky, sid	fixed	7.3.6+ds-1	-
(unstable)	fixed	7.3.5+ds-1	-

redis

Release	Status	Fixed Version	Urgency
bullseye	fixed	5:6.0.16-1+deb11u7	-
bullseye (security)	fixed	5:6.0.16-1+deb11u8	-
bookworm, bookworm (security)	fixed	5:7.0.15-1~deb12u6	-
trixie (security), trixie	fixed	5:8.0.2-3+deb13u1	-
forky, sid	fixed	5:8.0.5-1	-
bookworm	fixed	5:7.0.15-1~deb12u5	-
(unstable)	fixed	5:8.0.2-2	-

valkey

Release	Status	Fixed Version	Urgency
trixie (security), trixie	fixed	8.1.1+dfsg1-3+deb13u1	-
forky, sid	fixed	8.1.4+dfsg1-1	-
(unstable)	fixed	8.1.1+dfsg1-3	-

DLA-4240-1 DSA-5969-1

CVE-2025-48367 vulnerability details – vuln.today

Back

CVE-2025-48367

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-48367

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code