CVE-2025-48367

{"id": "CVE-2025-48367", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-07T16:15:24.063", "references": [{"url": "https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/redis/redis/releases/tag/6.2.19", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/redis/redis/releases/tag/7.2.10", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/redis/redis/releases/tag/7.4.5", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/redis/redis/releases/tag/8.0.3", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19."}, {"lang": "es", "value": "Redis es una base de datos en memoria de c\u00f3digo abierto que persiste en el disco. Una conexi\u00f3n no autenticada puede causar errores repetidos del protocolo IP, lo que provoca la inactividad del cliente y, en \u00faltima instancia, una denegaci\u00f3n de servicio. Esta vulnerabilidad est\u00e1 corregida en las versiones 8.0.3, 7.4.5, 7.2.10 y 6.2.19."}], "lastModified": "2025-09-05T15:15:14.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30DA9181-78C7-4F7F-A7CF-388E597599E1", "versionEndExcluding": "6.2.19"}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5A9EBF1-DA21-4013-9CA3-D1CED6FBA5FA", "versionEndExcluding": "7.2.10", "versionStartIncluding": "7.0"}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4454F0DA-CF1E-4CDA-95F7-8D38AF09A321", "versionEndExcluding": "7.4.5", "versionStartIncluding": "7.4.0"}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "950B5CD3-9E19-4DBA-8475-773C88193A71", "versionEndExcluding": "8.0.3", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}