Redis Vulnerability Exposes Servers to Denial-of-Service Attacks - #CVE-2025-21605
A critical vulnerability, CVE-2025-21605, has been discovered in Redis versions 2.6 and later, posing a significant threat to server security. This high-severity flaw, rated CVSS 7.5, allows unauthenticated clients to mount denial-of-service attacks by causing unlimited growth of output buffers, which can exhaust the server's memory. The vulnerability is particularly dangerous because it can be exploited even on password-protected servers: the attacker never has to authenticate. Redis has addressed the issue in versions 6.2.18, 7.2.8, and 7.4.3. For users unable to upgrade immediately, alternative mitigations are strongly recommended to minimize the risk of exploitation: restrict network access with access controls and firewalls, and enable TLS with client-side certificate authentication so that unauthenticated clients cannot reach the server at all.
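The mitigation described above, shown as a redis.conf fragment with an exposed setup beside a hardened one. This is an added illustration, not configuration from the advisory or the Redis project; the certificate paths and the password are placeholders, and the loopback bind address stands in for whatever private interface your clients actually use.

```conf
# --- Exposed (weak) configuration: constructed example, NOT a Redis default ---
# Plain TCP on every interface, with a password as the only gate. On an
# unpatched server a client that never authenticates still has replies
# buffered for it, so this layout leaves the vulnerable path reachable.
bind 0.0.0.0
protected-mode no
port 6379
requirepass "<strong-password-placeholder>"

# --- Hardened configuration (interim mitigation until 6.2.18 / 7.2.8 / 7.4.3) ---
# 1. Listen only where legitimate clients live (loopback here; substitute the
#    private interface address in a real deployment).
bind 127.0.0.1
protected-mode yes
# 2. Turn off the plaintext listener entirely.
port 0
# 3. Serve TLS only and require a client certificate signed by our own CA.
#    A connection without a valid certificate fails during the handshake and
#    never reaches the command/reply path. File paths are placeholders.
tls-port 6379
tls-cert-file    /etc/redis/tls/redis.crt
tls-key-file     /etc/redis/tls/redis.key
tls-ca-cert-file /etc/redis/tls/ca.crt
tls-auth-clients yes
# 4. Keep password/ACL authentication as a second layer behind the certificate check.
requirepass "<strong-password-placeholder>"
```

The TLS directives require Redis 6.0 or later built with TLS support, so the older affected branches must rely on the network-level controls (firewall rules or security groups admitting only the application subnet to the Redis port) until they can be upgraded.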