vulnerability
FreeBSD: VID-af8d043f-20df-11f0-b9c5-000c295725e4 (CVE-2025-21605): redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Apr 24, 2025 | Apr 25, 2025 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Apr 24, 2025
Added
Apr 25, 2025
Modified
Dec 10, 2025
Description
Axel Mierczuk reports: By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted and the memory is unavailable. When password authentication is enabled on the Redis server, but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system will run out of memory.
Solutions
freebsd-upgrade-package-redisfreebsd-upgrade-package-redis72freebsd-upgrade-package-redis62freebsd-upgrade-package-valkey
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.