CVE-2025-49112

low-risk
Published 2025-06-02

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.

Do I need to act?

-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.1/10 Low
ADJACENT_NETWORK / HIGH complexity

References (3)

https://github.com/redis/redis/blob/994bc96bb1744cb153392fc96bdba43eae56e17f/src...
https://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccb...
https://github.com/valkey-io/valkey/pull/2101
13
/ 100
low-risk
Severity 8/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal