- Description
- Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit), so the output buffer can grow without bound over time. As a result, memory is exhausted and the service becomes unavailable. When password authentication is enabled on the Redis server but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system runs out of memory. This issue has been patched in version 7.4.3. A workaround that mitigates the problem without patching the redis-server executable is to block access so that unauthenticated users cannot connect to Redis. This can be done in different ways: either with network access control tools such as firewalls, iptables, or security groups, or by enabling TLS and requiring users to authenticate with client-side certificates.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
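The description above names three things an operator can check: the server version, the `client-output-buffer-limit` setting for normal clients, and per-client output buffer growth. The following audit sketch is an added example, not part of the advisory or of Redis itself; the function names, the 32 MiB threshold and the sample `INFO`, `CONFIG GET` and `CLIENT LIST` values are constructed assumptions, and the version check uses only the range stated in the description.

```python
# Constructed sample data (not from a real server): the redis_version value,
# the CONFIG GET client-output-buffer-limit value, and CLIENT LIST lines.
SAMPLE_VERSION = "7.2.4"
SAMPLE_LIMITS = "normal 0 0 0 replica 268435456 67108864 60 pubsub 33554432 8388608 60"
SAMPLE_CLIENT_LIST = """\
id=11 addr=10.0.0.5:50112 fd=8 name= age=412 idle=0 flags=N db=0 qbuf=0 obl=0 oll=0 omem=0 cmd=get
id=12 addr=203.0.113.7:41822 fd=9 name= age=95 idle=0 flags=N db=0 qbuf=0 obl=16384 oll=5120 omem=104857600 cmd=NULL
id=13 addr=10.0.0.9:50200 fd=10 name= age=30 idle=2 flags=N db=0 qbuf=0 obl=0 oll=0 omem=20480 cmd=ping
"""

def version_affected(version):
    """True if a numeric x.y.z version is in the described range: >= 2.6 and < 7.4.3."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))  # pad "2.6" to (2, 6, 0)
    return (2, 6, 0) <= parts < (7, 4, 3)

def normal_limit_unbounded(limits):
    """Parse 'class hard soft seconds' groups; True if the normal class has no limit."""
    tok = limits.split()
    classes = {tok[i]: (int(tok[i + 1]), int(tok[i + 2])) for i in range(0, len(tok), 4)}
    hard, soft = classes["normal"]
    return hard == 0 and soft == 0  # 0 means "no limit" for that bound

def heavy_clients(client_list, threshold):
    """Return (id, addr, omem) for clients whose output buffer memory exceeds threshold bytes."""
    hits = []
    for line in client_list.splitlines():
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        omem = int(fields.get("omem", 0))
        if omem > threshold:
            hits.append((fields["id"], fields["addr"], omem))
    return sorted(hits, key=lambda h: -h[2])  # largest buffers first

def audit(version, limits, client_list, threshold=32 * 1024 * 1024):
    """Combine the three checks; the 32 MiB default threshold is an assumption."""
    return {
        "affected_version": version_affected(version),
        "normal_unbounded": normal_limit_unbounded(limits),
        "heavy_clients": heavy_clients(client_list, threshold),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_VERSION, SAMPLE_LIMITS, SAMPLE_CLIENT_LIST))
```

On a live server the three inputs would come from `INFO server`, `CONFIG GET client-output-buffer-limit` and `CLIENT LIST`, run by an authenticated administrator.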
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-770
- Hype score
- Not currently trending
Thread: Breaking down Valkey’s new security patches 🧵 3 CVEs fixed, including a CVSS 8.7 remote DoS (CVE-2025-21605). Here’s what DevOps teams need to know: Read more: 👉 https://t.co/Ddb7ncfKjp https://t.co/LMHbE0jonG
@Cezar_H_Linux
15 Jun 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
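Redis output buffer unlimited growth vulnerability (CVE-2025-21605): in versions 7.4.3 > Redis >= 2.6, an unauthenticated client can cause the output buffer to grow without limit until the server runs out of memory or the process is killed. https://t.co/vKfqr61keM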
@chenze654321
28 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-21605 🔴 HIGH (7.5) 🏢 redis - redis 🏗️ >= 2.6, < 7.4.3 🔗 https://t.co/83MHCs4JOB 🔗 https://t.co/dmDrBvCbxH #CyberCron #VulnAlert #InfoSec https://t.co/DNXVPIuRYq
@cybercronai
25 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-21605: Redis Vulnerability Exposes Servers to Denial-of-Service Attacks 🎯1.1m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/LnfxXGQu9Z FOFA Query:protocol="redis" && banner="NOAUTH Authentication require
@fofabot
25 Apr 2025
830 Impressions
2 Retweets
14 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21605 - Redis Denial-of-Service vulnerability. If you're using Redis Authentication on Redis versions >= 2.6, < 7.4.3 be sure to update! This is a simple DoS on all Redis deployments which have password authentication enabled. The issue was fixed in the followin
@gothburz
24 Apr 2025
120 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
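A serious vulnerability in Redis (CVE-2025-21605) has been reported. By inflating the output buffer without limit, an unauthenticated attacker may be able to exhaust memory and cause a DoS (denial-of-service) condition. This is Redis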
@yousukezan
24 Apr 2025
2453 Impressions
6 Retweets
25 Likes
12 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-21605 :Redis Vulnerability Exposes Servers to Denial-of-Service Attacks. It affects all Redis versions from 2.6 onward. 📊570.7K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/LhLk0vo300 👇Query HUNTER : https://t.co/0I1bC
@HunterMapping
24 Apr 2025
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Redis Vulnerability Exposes Servers to Denial-of-Service Attacks High-severity #Redis vulnerability (CVE-2025-21605) allows unauthenticated users to cause DoS. Upgrade to patched versions or apply mitigations to protect your server. https://t.co/uWxcOqnPjh
@the_yellow_fall
24 Apr 2025
60 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21605 Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growt… https://t.co/muToFIiUGI
@CVEnew
23 Apr 2025
161 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes