Redis Security Update Advisory
Overview
We have released a security update to address a vulnerability in Redis. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-32023
Redis version: 2.8 or later but below 6.2.19
Redis version: 7.2.0 or later but below 7.2.10
Redis version: 7.4.0 or later but below 7.4.5
Redis version: 8.0.0 or later but below 8.0.3
CVE-2025-48367
Redis version: 6.2.19 and earlier
Redis version: 7.2.0 or later but below 7.2.10
Redis version: 7.4.0 or later but below 7.4.5
Redis version: 8.0.0 or later but below 8.0.3
Resolved Vulnerabilities
Code execution vulnerability caused by an out-of-bounds memory write when handling HyperLogLog commands in Redis (CVE-2025-32023)
Denial-of-service vulnerability caused by incorrect handling of connection errors in Redis (CVE-2025-48367)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.
CVE-2025-32023, CVE-2025-48367
Redis version: 6.2.19
Redis version: 7.2.10
Redis version: 7.4.5
Redis version: 8.0.3
Referenced Sites
[1] Out of bounds write in hyperloglog commands leads to RCE
https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43
[2] Redis DoS Vulnerability due to bad connection error handling
https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq