Alibaba Cloud Linux 3 : 0125: redis:6 (ALINUX3-SA-2025:0125)

🗓️ 06 Aug 2025 00:00:00Reported by TenableType

Alibaba Cloud Linux 3 packages vulnerable, affecting Redis versions before 8.0.3, fixes available.

Reporter	Title	Published	Views	Family All 288
IBM Security Bulletins	Security Bulletin: Due to the use of Redis, IBM DataPower Gateway is vulnerable to a denial of service	23 Oct 202520:56	–	ibm
GithubExploit	Exploit for CVE-2025-32023	6 Jul 202518:09	–	githubexploit
GithubExploit	Exploit for CVE-2025-32023	9 Jul 202521:34	–	githubexploit
FreeBSD	redis,valkey -- DoS Vulnerability due to bad connection error handling	6 Jul 202500:00	–	freebsd
FreeBSD	redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE	6 Jul 202500:00	–	freebsd
Tenable Nessus	Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2025-1066)	10 Jul 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : valkey, valkey-devel (ALAS2023-2025-1067)	10 Jul 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : redis (ALASREDIS6-2025-013)	10 Jul 202500:00	–	nessus
Tenable Nessus	AlmaLinux 10 : valkey (ALSA-2025:11401)	9 Oct 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : redis:6 (ALSA-2025:12006)	30 Jul 202500:00	–	nessus

Source	Link
mirrors	www.mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20250125.xml
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Alibaba Cloud Linux Security Advisory ALINUX3-SA-2025:0125.
##

include('compat.inc');

if (description)
{
  script_id(243959);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/06");

  script_cve_id("CVE-2025-32023", "CVE-2025-48367");

  script_name(english:"Alibaba Cloud Linux 3 : 0125: redis:6 (ALINUX3-SA-2025:0125)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Alibaba Cloud Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced
in the ALINUX3-SA-2025:0125 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2025-32023:
    Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5,
    7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out
    of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely
    affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3,
    7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-
    server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to
    restrict HLL commands.

    CVE-2025-48367:
    Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause
    repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This
    vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20250125.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-32023");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:redis");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:redis-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:redis-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:redis-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:redis-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alibabacloud:alibaba_cloud_linux_3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alibaba Cloud Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Alibaba/release", "Host/Alibaba/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Alibaba Cloud Linux' >!< os_product) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Alibaba Cloud Linux');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux 3.x', 'Alibaba Cloud Linux ' + os_version);

if (!get_kb_item('Host/Alibaba/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Alibaba Cloud Linux', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'redis-6.2.19-1.0.1.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-6.2.19-1.0.1.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-debuginfo-6.2.19-1.0.1.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-debuginfo-6.2.19-1.0.1.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-debugsource-6.2.19-1.0.1.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-debugsource-6.2.19-1.0.1.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-devel-6.2.19-1.0.1.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-devel-6.2.19-1.0.1.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-doc-6.2.19-1.0.1.1.al8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'redis / redis-debuginfo / redis-debugsource / redis-devel / etc');
}

06 Aug 2025 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5 - 7.8

EPSS0.18438

SSVC