CVE-2025-48367
📋 TL;DR
This CVE describes a denial-of-service vulnerability in Redis where unauthenticated connections can cause repeated IP protocol errors, leading to client starvation and service disruption. All Redis deployments with affected versions that accept unauthenticated connections are vulnerable.
💻 Affected Systems
- Redis
📦 What is this software?
Redis by Redis
⚠️ Risk & Real-World Impact
Worst Case
Complete service outage where Redis becomes unresponsive to legitimate clients, potentially affecting all applications dependent on the database.
Likely Case
Degraded performance and intermittent service disruptions as legitimate clients are starved of resources.
If Mitigated
Minimal impact if Redis is behind authentication or network controls that prevent unauthenticated access.
🎯 Exploit Status
The vulnerability requires sending malformed IP protocol packets to trigger repeated errors. No authentication is required, making exploitation straightforward for attackers with network access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.2.19, 7.2.10, 7.4.5, or 8.0.3
Vendor Advisory: https://github.com/redis/redis/releases
Restart Required: Yes
Instructions:
1. Identify your Redis version with 'redis-server --version'.
2. Download the appropriate patched version from GitHub releases.
3. Stop Redis service.
4. Install the new version.
5. Restart Redis service.
6. Verify the fix with 'redis-server --version'.
🔧 Temporary Workarounds
Enable Redis Authentication
Require password authentication for all Redis connections to prevent unauthenticated access.
# Edit redis.conf
requirepass your_strong_password_here
# Restart Redis
Network Access Controls
Restrict Redis port (default 6379) access to trusted IP addresses only.
# Using iptables example
iptables -A INPUT -p tcp --dport 6379 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 6379 -j DROP
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit Redis access to only trusted systems.
- Enable Redis authentication with strong passwords and monitor for authentication failures.
🔍 How to Verify
Check if Vulnerable:
Run 'redis-server --version' and compare the result against the fixed releases: any version earlier than the fix for its release line (6.2.19, 7.2.10, 7.4.5, 8.0.3) is vulnerable.
Check Version:
redis-server --version
Verify Fix Applied:
Confirm version is 6.2.19, 7.2.10, 7.4.5, 8.0.3 or later with 'redis-server --version' and test that Redis accepts connections normally.
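The version comparison above is easy to get wrong by hand because each release line has its own fixed version (a 7.2.9 build is vulnerable even though it is "newer" than 6.2.19). The following script is an added example, not part of this advisory or of the Redis project: it parses the output of 'redis-server --version' and classifies the build per release line. The sample output string and the treatment of lines the advisory does not name (7.0.x reported as "unknown", anything above 8.0.3 treated as "fixed") are assumptions made for this example.

```python
import re
import subprocess
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed versions named in the advisory, keyed by release line (major, minor).
FIXED_VERSIONS = {
    (6, 2): (6, 2, 19),
    (7, 2): (7, 2, 10),
    (7, 4): (7, 4, 5),
    (8, 0): (8, 0, 3),
}

# 'redis-server --version' prints a "v=<major>.<minor>.<patch>" token.
VERSION_RE = re.compile(r"\bv=(\d+)\.(\d+)\.(\d+)")


def parse_redis_version(output: str) -> Optional[Version]:
    """Extract (major, minor, patch) from 'redis-server --version' output.

    Constructed sample of the format (not captured from a real host):
      Redis server v=7.2.4 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 build=0
    """
    match = VERSION_RE.search(output)
    if not match:
        return None
    major, minor, patch = (int(x) for x in match.groups())
    return (major, minor, patch)


def assess(version: Version) -> str:
    """Classify a version as 'vulnerable', 'fixed' or 'unknown'.

    Comparison is done within the release line, because the fix was
    backported separately to 6.2, 7.2, 7.4 and 8.0.
    """
    line = (version[0], version[1])
    if line in FIXED_VERSIONS:
        return "fixed" if version >= FIXED_VERSIONS[line] else "vulnerable"
    # Assumption for this example: a line newer than any named in the
    # advisory (e.g. 8.2.x) was cut after the fix, so it is reported fixed.
    if version > max(FIXED_VERSIONS.values()):
        return "fixed"
    # Lines the advisory does not name (e.g. 7.0.x): do not guess.
    return "unknown"


def check_output(output: str) -> str:
    """Parse and classify in one step; 'unparseable' if no version token."""
    version = parse_redis_version(output)
    if version is None:
        return "unparseable"
    return assess(version)


def check_local_server() -> str:
    """Run the local redis-server binary and classify it."""
    try:
        result = subprocess.run(
            ["redis-server", "--version"], capture_output=True, text=True, check=False
        )
    except FileNotFoundError:
        return "redis-server not found on PATH"
    return check_output(result.stdout)


if __name__ == "__main__":
    print(check_local_server())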
📡 Detection & Monitoring
Log Indicators:
- Repeated IP protocol errors in Redis logs
- Increased connection failures
- Unusual traffic patterns on port 6379
Network Indicators:
- High volume of malformed packets to Redis port
- Traffic from unexpected sources to Redis
SIEM Query:
source="redis.log" AND ("protocol error" OR "client starvation")
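The indicator that matters for this issue is not a single protocol error but a sustained burst of them, since that is what starves legitimate clients. The following script is an added example, not part of this advisory or of Redis itself: it parses Redis-style log lines and raises one alert per burst when the number of protocol-error lines within a sliding window crosses a threshold. The log lines are constructed for this example and do not reproduce the exact message Redis emits for this bug; the window and threshold values are assumptions to tune per deployment.

```python
import re
from collections import deque
from datetime import datetime
from typing import List, NamedTuple, Optional

# Redis log lines have the shape:
#   <pid>:<role> <dd> <Mon> <yyyy> <HH:MM:SS.mmm> <level> <message>
# where <level> is one of '.', '-', '*', '#' ('#' is warning).
LOG_RE = re.compile(
    r"^(\d+):(\w) (\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2}\.\d{3}) ([.\-*#]) (.*)$"
)


class LogEntry(NamedTuple):
    ts: datetime
    pid: int
    role: str
    level: str
    message: str


def parse_log_line(line: str) -> Optional[LogEntry]:
    """Parse one Redis log line; return None for lines that do not match."""
    match = LOG_RE.match(line)
    if not match:
        return None
    pid, role, ts_text, level, message = match.groups()
    ts = datetime.strptime(ts_text, "%d %b %Y %H:%M:%S.%f")
    return LogEntry(ts, int(pid), role, level, message)


def find_error_bursts(
    lines: List[str],
    pattern: str = "protocol error",
    window_seconds: int = 60,
    threshold: int = 5,
) -> List[datetime]:
    """Return the timestamp at which each burst reached `threshold` matches.

    A burst is `threshold` matching lines within `window_seconds`. After an
    alert the window is cleared so one burst produces one alert.
    """
    recent: deque = deque()
    alerts: List[datetime] = []
    for line in lines:
        entry = parse_log_line(line)
        if entry is None or pattern not in entry.message.lower():
            continue
        recent.append(entry.ts)
        # Drop matches that fell out of the window.
        while recent and (entry.ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append(entry.ts)
            recent.clear()
    return alerts


# Constructed sample log: six protocol errors in ~6 seconds, then quiet,
# then one isolated error half an hour later (should not alert).
SAMPLE_LOG = """\
1001:M 12 Jul 2025 10:00:00.000 * Ready to accept connections tcp
1001:M 12 Jul 2025 10:00:05.120 # Protocol error (constructed sample) from client
1001:M 12 Jul 2025 10:00:06.300 # Protocol error (constructed sample) from client
1001:M 12 Jul 2025 10:00:07.010 # Protocol error (constructed sample) from client
1001:M 12 Jul 2025 10:00:08.450 # Protocol error (constructed sample) from client
1001:M 12 Jul 2025 10:00:09.900 # Protocol error (constructed sample) from client
1001:M 12 Jul 2025 10:00:11.000 # Protocol error (constructed sample) from client
1001:M 12 Jul 2025 10:05:00.000 * DB saved on disk
1001:M 12 Jul 2025 10:30:00.000 # Protocol error (constructed sample) from client
"""


def sample_alerts() -> List[datetime]:
    """Run the detector over the constructed sample log."""
    return find_error_bursts(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ts in sample_alerts():
        print(f"ALERT: protocol-error burst reached threshold at {ts.isoformat()}")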
🔗 References
- https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2
- https://github.com/redis/redis/releases/tag/6.2.19
- https://github.com/redis/redis/releases/tag/7.2.10
- https://github.com/redis/redis/releases/tag/7.4.5
- https://github.com/redis/redis/releases/tag/8.0.3
- https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq