VDB
CVE-2025-46686
CVE-2025-46686
PUBLISHED
Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this is disputed by the Supplier because abuse of the commands network protocol is not a violation of the Redis Security Model.
EPSS 0.17% · 38.0th percentile
Risk Scores
EPSS Score
0.17%
38.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | redis | 0, 0, 0 |
| Bitnami | keydb | 0 |
| Bitnami | keydb | 0, 0, 0 |
| Bitnami | valkey | 0, 0, 0 |
| Bitnami | valkey | 0 |
| Bitnami | redis | 0 |
Timeline
- Jul 23, 2025 CVE Published
- Jul 23, 2025 Coalition ESS Score
- Jul 23, 2025 PoC Published
- Jul 23, 2025 PoC Published
- Jul 24, 2025 EPSS Score
- Jul 25, 2025 Coalition ESS Score
- Aug 2, 2025 EPSS Score
- Aug 11, 2025 EPSS Score
- Aug 20, 2025 EPSS Score
- Aug 26, 2025 Coalition ESS Score
- Aug 26, 2025 CVE Updated
- Aug 27, 2025 Coalition ESS Score