{
  "threat_severity" : "Moderate",
  "public_date" : "2025-07-07T15:25:47Z",
  "bugzilla" : {
    "description" : "redis: Redis Unauthenticated Denial of Service",
    "id" : "2376857",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2376857"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.", "A flaw was found in Redis. Unauthenticated connections can trigger repeated IP protocol errors, leading to client starvation and an application-level denial of service. This flaw allows an attacker to induce this condition without authentication. This issue results in a denial of service condition for connected clients. The root cause is related to the improper handling of network traffic." ],
  "statement" : "The severity of this vulnerability is rated Moderate because it does not impact the availability of the underlying system. The effects are confined to the application layer: the denial of service affects clients of the Redis service and does not compromise the stability of the underlying system.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-07-21T00:00:00Z",
    "advisory" : "RHSA-2025:11401",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "valkey-0:8.0.4-1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:12006",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "redis:6-8100020250716063446.489197e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-08-04T00:00:00Z",
    "advisory" : "RHSA-2025:12789",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "redis:6-8040020250801055559.522a0ee4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-08-04T00:00:00Z",
    "advisory" : "RHSA-2025:12789",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4",
    "package" : "redis:6-8040020250801055559.522a0ee4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-08-04T00:00:00Z",
    "advisory" : "RHSA-2025:12769",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "redis:6-8060020250731141235.ad008a3a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-08-04T00:00:00Z",
    "advisory" : "RHSA-2025:12769",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "redis:6-8060020250731141235.ad008a3a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-08-04T00:00:00Z",
    "advisory" : "RHSA-2025:12769",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "redis:6-8060020250731141235.ad008a3a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-08-04T00:00:00Z",
    "advisory" : "RHSA-2025:12768",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "redis:6-8080020250730132007.63b34585"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-08-04T00:00:00Z",
    "advisory" : "RHSA-2025:12768",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "redis:6-8080020250730132007.63b34585"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-07-21T00:00:00Z",
    "advisory" : "RHSA-2025:11453",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "redis-0:6.2.19-1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-07-28T00:00:00Z",
    "advisory" : "RHSA-2025:12008",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "redis:7-9060020250716081121.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-07-31T00:00:00Z",
    "advisory" : "RHSA-2025:12468",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "redis-0:6.2.6-1.el9_0.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-08-01T00:00:00Z",
    "advisory" : "RHSA-2025:12478",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "redis-0:6.2.7-1.el9_2.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-08-04T00:00:00Z",
    "advisory" : "RHSA-2025:12524",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "redis-0:6.2.7-1.el9_4.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-08-05T00:00:00Z",
    "advisory" : "RHSA-2025:12892",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "redis:7-9040020250730125543.9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Will not fix",
    "package_name" : "rhaiis/vllm-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat AI Inference Server",
    "fix_state" : "Will not fix",
    "package_name" : "rhaiis/vllm-rocm-rhel9",
    "cpe" : "cpe:/a:redhat:ai_inference_server:3"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-24/de-minimal-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-24/de-minimal-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-24/ee-supported-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-24/ee-supported-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-25/ansible-dev-tools-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-25/de-minimal-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-25/de-minimal-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-25/ee-supported-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-25/ee-supported-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Affected",
    "package_name" : "ansible-automation-platform-25/lightspeed-chatbot-rhel8",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Affected",
    "package_name" : "automation-controller",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Developer Hub",
    "fix_state" : "Not affected",
    "package_name" : "rhdh/rhdh-hub-rhel9",
    "cpe" : "cpe:/a:redhat:rhdh:1"
  }, {
    "product_name" : "Red Hat Developer Hub",
    "fix_state" : "Not affected",
    "package_name" : "rhdh/rhdh-rhel9-operator",
    "cpe" : "cpe:/a:redhat:rhdh:1"
  }, {
    "product_name" : "Red Hat Discovery 1",
    "fix_state" : "Not affected",
    "package_name" : "discovery/discovery-server-rhel9",
    "cpe" : "cpe:/a:redhat:discovery:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "valkey",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-aws-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-azure-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-azure-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-gcp-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-intel-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/bootc-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/gemma-2-9b-it",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/gemma-2-9b-it-fp8",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/granite-3.1-8b-lab-v2.1",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/granite-3.1-8b-starter-v2.1",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/instructlab-amd-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/instructlab-nvidia-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/modelcar-gemma-2-9b-it",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/modelcar-gemma-2-9b-it-fp8",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/modelcar-granite-3-1-8b-lab-v2-1",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)",
    "fix_state" : "Not affected",
    "package_name" : "rhelai1/modelcar-granite-3-1-8b-starter-v2-1",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-feast-operator-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-feature-server-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-ml-pipelines-api-server-v2-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-ml-pipelines-driver-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-ml-pipelines-launcher-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Affected",
    "package_name" : "quay/quay-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  }, {
    "product_name" : "Red Hat Satellite 6",
    "fix_state" : "Not affected",
    "package_name" : "satellite/iop-advisor-engine-rhel9",
    "cpe" : "cpe:/a:redhat:satellite:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-48367\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-48367\nhttps://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2\nhttps://github.com/redis/redis/releases/tag/6.2.19\nhttps://github.com/redis/redis/releases/tag/7.2.10\nhttps://github.com/redis/redis/releases/tag/7.4.5\nhttps://github.com/redis/redis/releases/tag/8.0.3\nhttps://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq\nhttps://github.com/valkey-io/valkey/releases" ],
  "name" : "CVE-2025-48367",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}