vulnerability

Debian: CVE-2025-46686: redis -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:A/AC:L/Au:S/C:N/I:N/A:P)	Jul 28, 2025	Jul 28, 2025	Aug 27, 2025

Severity

CVSS

(AV:A/AC:L/Au:S/C:N/I:N/A:P)

Published

Jul 28, 2025

Added

Jul 28, 2025

Modified

Aug 27, 2025

Description

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this is disputed by the Supplier because abuse of the commands network protocol is not a violation of the Redis Security Model.

Solution

no-fix-debian-deb-package

References

CVE-2025-46686
https://attackerkb.com/topics/CVE-2025-46686
CWE-401

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today