Azure Linux 3.0 Security Update: keda (CVE-2025-29923)

🗓️ 22 Jan 2026 00:00:00Reported by TenableType

Azure Linux 3.0 host vulnerable to CVE-2025-29923; go-redis prior to 9.5.5, 9.6.3, 9.7.3 may misorder responses; upgrade or enable DisableIdentity.

Reporter	Title	Published	Views	Family All 145
FreeBSD	gitea -- Multiple vulnerabilities	12 Mar 202500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for May 2026.	1 Jun 202610:46	–	ibm
IBM Security Bulletins	Security Bulletin: Due to the use of go-redis, IBM watsonx.ai on Cloud Pak for Data is vulnerable to out of order response during time-outs	16 Jan 202608:37	–	ibm
CBLMariner	CVE-2025-29923 affecting package keda for versions less than 2.14.1-5	1 Apr 202515:08	–	cbl_mariner
Chainguard	CVE-2025-29923 vulnerabilities	21 Mar 202516:12	–	cgr
Circl	CVE-2025-29923	20 Mar 202518:20	–	circl
CNNVD	Redis client for Go 输入验证错误漏洞	20 Mar 202500:00	–	cnnvd
CVE	CVE-2025-29923	20 Mar 202518:03	–	cve
Cvelist	CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment	20 Mar 202518:03	–	cvelist
Debian CVE	CVE-2025-29923	20 Mar 202518:03	–	debiancve

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-29923
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(295057);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/22");

  script_cve_id("CVE-2025-29923");

  script_name(english:"Azure Linux 3.0 Security Update: keda (CVE-2025-29923)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Azure Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected
by a vulnerability as referenced in the CVE-2025-29923 advisory.

  - go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and
    9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection
    establishment. This can happen when the client is configured to transmit its identity, there are network
    connectivity issues, or the client was configured with aggressive timeouts. The problem occurs for
    multiple use cases. For sticky connections, you receive persistent out-of-order responses for the lifetime
    of the connection. All commands in the pipeline receive incorrect responses. When used with the default
    ConnPool once a connection is returned after use with ConnPool#Put the read buffer will be checked and the
    connection will be marked as bad due to the unread data. This means that at most one out-of-order response
    before the connection is discarded. This issue is fixed in 9.5.5, 9.6.3, and 9.7.3. You can prevent the
    vulnerability by setting the flag DisableIndentity to true when constructing the client instance.
    (CVE-2025-29923)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2025-29923");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-29923");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:keda");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:azure_linux:keda-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:azure_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Azure Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AzureLinux/release", "Host/AzureLinux/rpm-list", "Host/cpu");

  exit(0);
}
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AzureLinux/release');
if (isnull(release) || 'Azure Linux' >!< release) audit(AUDIT_OS_NOT, 'Azure Linux');
var os_ver = pregmatch(pattern: "Azure Linux ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Azure Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Azure Linux 3.0', 'Azure Linux ' + os_ver);

if (!get_kb_item('Host/AzureLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Azure Linux', cpu);

var pkgs = [
    {'reference':'keda-2.14.1-5.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'keda-2.14.1-5.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'keda-debuginfo-2.14.1-5.azl3', 'cpu':'aarch64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'keda-debuginfo-2.14.1-5.azl3', 'cpu':'x86_64', 'release':'3.0', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Azure Linux ' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'keda / keda-debuginfo');
}

22 Jan 2026 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.13.7

EPSS0.00646

SSVC