CVE-2025-48367

high

Published 2025-07-21 · Modified 2025-07-28

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.0

Description

RHSA-2025:12006: redis:6 security update (Important)

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description redis: Redis Unauthenticated Denial of Service Red Hat statement The severity of this vulnerability is rated Moderate as it does not impact system availability. The effects are confined to the application layer without compromising the underlying system stability. CVSS v3: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat…

Description

redis: Redis Unauthenticated Denial of Service

Red Hat statement

The severity of this vulnerability is rated Moderate as it does not impact system availability. The effects are confined to the application layer without compromising the underlying system stability.

CVSS v3: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 10	`valkey-0:8.0.4-1.el10_0`	RHSA-2025:11401	2025-07-21T00:00:00Z
Red Hat Enterprise Linux 8	`redis:6-8100020250716063446.489197e6`	RHSA-2025:12006	2025-07-28T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`redis:6-8040020250801055559.522a0ee4`	RHSA-2025:12789	2025-08-04T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	`redis:6-8040020250801055559.522a0ee4`	RHSA-2025:12789	2025-08-04T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	`redis:6-8060020250731141235.ad008a3a`	RHSA-2025:12769	2025-08-04T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	`redis:6-8060020250731141235.ad008a3a`	RHSA-2025:12769	2025-08-04T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	`redis:6-8060020250731141235.ad008a3a`	RHSA-2025:12769	2025-08-04T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	`redis:6-8080020250730132007.63b34585`	RHSA-2025:12768	2025-08-04T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	`redis:6-8080020250730132007.63b34585`	RHSA-2025:12768	2025-08-04T00:00:00Z
Red Hat Enterprise Linux 9	`redis-0:6.2.19-1.el9_6`	RHSA-2025:11453	2025-07-21T00:00:00Z
Red Hat Enterprise Linux 9	`redis:7-9060020250716081121.9`	RHSA-2025:12008	2025-07-28T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	`redis-0:6.2.6-1.el9_0.4`	RHSA-2025:12468	2025-07-31T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	`redis-0:6.2.7-1.el9_2.4`	RHSA-2025:12478	2025-08-01T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support	`redis-0:6.2.7-1.el9_4.4`	RHSA-2025:12524	2025-08-04T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support	`redis:7-9040020250730125543.9`	RHSA-2025:12892	2025-08-05T00:00:00Z

Package state

Product	Package	State
Red Hat AI Inference Server	`rhaiis/vllm-cuda-rhel9`	Will not fix
Red Hat AI Inference Server	`rhaiis/vllm-rocm-rhel9`	Will not fix
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-24/de-minimal-rhel8`	Not affected
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-24/de-minimal-rhel9`	Not affected
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-24/ee-supported-rhel8`	Not affected
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-24/ee-supported-rhel9`	Not affected
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8`	Will not fix
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-25/ansible-dev-tools-rhel8`	Not affected
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-25/de-minimal-rhel8`	Not affected
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-25/de-minimal-rhel9`	Not affected
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-25/ee-supported-rhel8`	Not affected
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-25/ee-supported-rhel9`	Not affected
Red Hat Ansible Automation Platform 2	`ansible-automation-platform-25/lightspeed-chatbot-rhel8`	Affected
Red Hat Ansible Automation Platform 2	`automation-controller`	Affected
Red Hat Developer Hub	`rhdh/rhdh-hub-rhel9`	Not affected
Red Hat Developer Hub	`rhdh/rhdh-rhel9-operator`	Not affected
Red Hat Discovery 1	`discovery/discovery-server-rhel9`	Not affected
Red Hat Enterprise Linux 9	`valkey`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/bootc-amd-rhel9`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/bootc-aws-nvidia-rhel9`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/bootc-azure-amd-rhel9`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/bootc-azure-nvidia-rhel9`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/bootc-gcp-nvidia-rhel9`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/bootc-intel-rhel9`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/bootc-nvidia-rhel9`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/gemma-2-9b-it`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/gemma-2-9b-it-fp8`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/granite-3.1-8b-lab-v2.1`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/granite-3.1-8b-starter-v2.1`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/instructlab-amd-rhel9`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/instructlab-nvidia-rhel9`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/modelcar-gemma-2-9b-it`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/modelcar-gemma-2-9b-it-fp8`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/modelcar-granite-3-1-8b-lab-v2-1`	Not affected
Red Hat Enterprise Linux AI (RHEL AI)	`rhelai1/modelcar-granite-3-1-8b-starter-v2-1`	Not affected
Red Hat OpenShift AI (RHOAI)	`rhoai/odh-data-science-pipelines-argo-argoexec-rhel9`	Not affected
Red Hat OpenShift AI (RHOAI)	`rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9`	Not affected
Red Hat OpenShift AI (RHOAI)	`rhoai/odh-feast-operator-rhel9`	Not affected
Red Hat OpenShift AI (RHOAI)	`rhoai/odh-feature-server-rhel9`	Not affected
Red Hat OpenShift AI (RHOAI)	`rhoai/odh-ml-pipelines-api-server-v2-rhel9`	Not affected
Red Hat OpenShift AI (RHOAI)	`rhoai/odh-ml-pipelines-driver-rhel9`	Not affected
Red Hat OpenShift AI (RHOAI)	`rhoai/odh-ml-pipelines-launcher-rhel9`	Not affected
Red Hat OpenShift AI (RHOAI)	`rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9`	Not affected
Red Hat OpenShift AI (RHOAI)	`rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9`	Not affected
Red Hat Quay 3	`quay/quay-rhel8`	Affected
Red Hat Satellite 6	`satellite/iop-advisor-engine-rhel9`	Not affected

Apply commands

bash fix

Apply RHSA-2025:11401 for Red Hat Enterprise Linux 10

yum update -y valkey
# or:
dnf upgrade -y valkey

Affected

Vendor	Product	Version
redhat	Red Hat Ansible Automation Platform 2	`Not affected`
redhat	Red Hat Ansible Automation Platform 2	`Not affected`
redhat	Red Hat Ansible Automation Platform 2	`Not affected`
redhat	Red Hat Ansible Automation Platform 2	`Not affected`
redhat	Red Hat Ansible Automation Platform 2	`Not affected`
redhat	Red Hat Ansible Automation Platform 2	`Not affected`
redhat	Red Hat Ansible Automation Platform 2	`Not affected`
redhat	Red Hat Ansible Automation Platform 2	`Not affected`
redhat	Red Hat Ansible Automation Platform 2	`Not affected`
redhat	Red Hat Ansible Automation Platform 2	`Affected`
redhat	Red Hat Ansible Automation Platform 2	`Affected`
redhat	Red Hat Developer Hub	`Not affected`
redhat	Red Hat Developer Hub	`Not affected`
redhat	Red Hat Discovery 1	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`
redhat	Red Hat Enterprise Linux AI (RHEL AI)	`Not affected`

OS impact

OS	Version	Status	Fixed in
rhel	9	fixed
rocky	8	fixed
sles		affected
rocky	9	fixed
debian	forky	fixed	`7.3.5+ds-1`
debian	sid	fixed	`7.3.5+ds-1`
debian	bookworm	fixed	`5:7.0.15-1~deb12u5`
debian	bullseye	fixed	`5:6.0.16-1+deb11u7`
debian	trixie	fixed	`5:8.0.2-2`
almalinux	9	fixed	`redis-devel-7.2.10-1.module_el9.6.0+173+efaf9205.aarch64.rpm`
rhel	8	fixed

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.