INFSA-2025:11453: redis security update

Information about definition

Identifier: INFSA-2025:11453

Type: security

Release date: 2025-07-25 11:04:20 UTC

Information about package

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Vulnerabilities description

  • CVE-2025-48367

    Redis is vulnerable to a denial of service caused by bad connection error handling.

  • CVE-2025-32023

    A flaw was found in Redis. This flaw allows an authenticated user to trigger an integer overflow by sending a specially crafted string, resulting in a stack or heap out-of-bounds write during HyperLogLog operations. This issue potentially results in remote code execution.

Severity level

CVE    Score CVSS 2.0    Score CVSS 3.x    Score CVSS 4.0
       no information    7.0               no information
       no information    5.3               no information
Critical, important, moderate, low

Updated packages