Content Deep Dive
Security Advisory: CVE-2025-21605
Blog post from Redis
Post Details
Company:
Date Published:
Author: Quincy Castro
Word Count: 349
Language: English
Hacker News Points: -
Summary
The Redis Community and Redis have identified and remediated a security vulnerability, CVE-2025-21605, in which an unauthenticated client can abuse the output buffer to cause a denial of service (DoS). The vulnerability affects all versions of Redis Software and all OSS/CE/Stack releases; fixed releases are 7.22.0-28 and above for Software, and 7.4.3 and above for OSS/CE. Exposure to this vulnerability requires a publicly exposed Redis endpoint. The community thanks the researchers who identified and reported the vulnerabilities through their published process. To protect against this vulnerability, users are advised to follow best practices and upgrade Redis to the latest release.