Vulnerability Description
Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is then skipped because the user lacks permission to run it. In other words, the ACL decision governs whether the command executes, not the protocol-level cost of receiving and buffering its arguments. NOTE: the supplier (Redis) disputes this report, because abuse of the command wire protocol by an authenticated client is not a violation of the Redis security model.
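To make the ordering problem concrete, here is an added example (not Redis source code, and not the behaviour change, if any, described in the linked advisory): a RESP multi-bulk encoder plus a toy server-side parser in two variants. The naive variant copies every announced argument before the permission check; the budgeted variant checks an argument-count budget against the `*N` header and a running payload budget before each copy. `ALLOWED_COMMANDS`, the limit values and the 10000-bulk frame are assumptions constructed for the demo.

```python
"""Illustrative RESP multi-bulk encoder plus naive vs budgeted parser.

Added example, not Redis source code. It models the shape of the issue in the
description: a RESP array header "*N" announces N bulk arguments, and a server
that materialises every argument before the permission check has already paid
the memory cost when it finally answers NOPERM. The limit values below are
assumptions chosen for the demo, not Redis defaults.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

CRLF = b"\r\n"


class RespError(Exception):
    """Malformed frame or exceeded budget; carries how many payload bytes were buffered first."""

    def __init__(self, msg: str, buffered: int = 0):
        super().__init__(msg)
        self.buffered = buffered


def encode_multibulk(args: List[bytes]) -> bytes:
    """Encode a command as a RESP array of bulk strings: *N, then $len CRLF payload CRLF per arg."""
    parts = [b"*%d\r\n" % len(args)]
    for arg in args:
        parts.append(b"$%d\r\n%s\r\n" % (len(arg), arg))
    return b"".join(parts)


def _read_prefixed_int(buf: bytes, pos: int, prefix: bytes) -> Tuple[int, int]:
    """Read one '<prefix><digits>\\r\\n' line starting at pos; return (value, next pos)."""
    end = buf.find(CRLF, pos)
    if end < 0:
        raise RespError("incomplete line")
    line = buf[pos:end]
    if not line.startswith(prefix) or not line[len(prefix):].isdigit():
        raise RespError("expected %r header, got %r" % (prefix, line))
    return int(line[len(prefix):]), end + len(CRLF)


@dataclass
class Parsed:
    args: List[bytes]
    bytes_buffered: int  # payload bytes copied out of the query buffer into argument objects


def parse_multibulk(buf: bytes, max_args: Optional[int] = None,
                    max_payload: Optional[int] = None) -> Parsed:
    """Parse one RESP array of bulk strings.

    With both limits None this is the naive behaviour: every announced bulk is
    copied before the caller sees anything. With limits set, the argument count
    is checked against the *N header before any bulk is buffered, and the
    running payload total is checked before each copy.
    """
    count, pos = _read_prefixed_int(buf, 0, b"*")
    if max_args is not None and count > max_args:
        raise RespError("multibulk of %d args exceeds limit %d" % (count, max_args), 0)
    args: List[bytes] = []
    total = 0
    for _ in range(count):
        length, pos = _read_prefixed_int(buf, pos, b"$")
        if max_payload is not None and total + length > max_payload:
            raise RespError("payload would exceed %d bytes" % max_payload, total)
        payload = buf[pos:pos + length]
        if len(payload) != length or buf[pos + length:pos + length + 2] != CRLF:
            raise RespError("truncated bulk", total)
        args.append(payload)  # the per-bulk allocation the description refers to
        total += length
        pos += length + len(CRLF)
    return Parsed(args, total)


# Hypothetical ACL for the demo client: only these commands are permitted.
ALLOWED_COMMANDS = {b"PING", b"GET"}


def serve_naive(frame: bytes) -> Tuple[str, int]:
    """Allocate all arguments, then check permission. Returns (reply, bytes buffered)."""
    parsed = parse_multibulk(frame)
    if not parsed.args or parsed.args[0].upper() not in ALLOWED_COMMANDS:
        return "NOPERM", parsed.bytes_buffered
    return "OK", parsed.bytes_buffered


def serve_budgeted(frame: bytes, max_args: int = 1024,
                   max_payload: int = 1 << 20) -> Tuple[str, int]:
    """Reject oversized frames from the header before buffering arguments."""
    try:
        parsed = parse_multibulk(frame, max_args=max_args, max_payload=max_payload)
    except RespError as exc:
        return "ERR %s" % exc, exc.buffered
    if not parsed.args or parsed.args[0].upper() not in ALLOWED_COMMANDS:
        return "NOPERM", parsed.bytes_buffered
    return "OK", parsed.bytes_buffered


if __name__ == "__main__":
    # Constructed input: a command this client may not run, padded with 10000 bulks.
    flood = encode_multibulk([b"FLUSHALL"] + [b"x" * 64] * 10000)
    print("naive:   ", serve_naive(flood))     # NOPERM, but only after buffering 640008 bytes
    print("budgeted:", serve_budgeted(flood))  # rejected at the *10001 header, 0 bytes buffered
```

Run as a script, the naive server answers NOPERM only after copying 640008 bytes of argument data for a command it will never execute, while the budgeted one rejects at the `*10001` header with nothing buffered. Redis has its own configurable query-buffer and bulk-length limits (`client-query-buffer-limit`, `proto-max-bulk-len`) and its own ACL pipeline; whether and how they bound the case in the description is not established by this page. The toy only isolates the ordering question the report turns on: allocate first, or check first.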
CVSS Score
3.5 (LOW)
Related Weaknesses (CWE)
References
- https://github.com/io-no/CVE-Reports/issues/1
- https://github.com/redis/redis
- https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
FAQ
What is CVE-2025-46686?
CVE-2025-46686 is a vulnerability with a CVSS score of 3.5 (LOW). Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments ...
How severe is CVE-2025-46686?
CVE-2025-46686 has been rated LOW with a CVSS base score of 3.5/10. Only the base score is listed on this page; the precondition that matters in practice is that the sender must already be an authenticated client, and the vendor disputes that this constitutes a vulnerability at all (see the Redis security advisory in the references).
Is there a patch for CVE-2025-46686?
The Redis security advisory (GHSA-2r7g-8hpc-rpq9) and the original report (io-no/CVE-Reports issue 1) listed in the references are the primary sources. The description above says affected versions are "through 8.0.3"; check the advisory for which release, if any, changes the behaviour, bearing in mind that Redis disputes the report as outside its security model.