CVE-2025-29923

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Mar 20, 2025
CWE ID 20

Summary

CVE-2025-29923 affects go-redis, the official Redis client library for the Go programming language, in versions prior to 9.5.5, 9.6.3, and 9.7.3. The issue arises when go-redis responses get out of order during connection establishment, so that later commands in the pipeline may receive incorrect responses. It can be triggered by network connectivity problems, aggressive client-side timeouts, or the client transmitting its identity. On sticky connections the out-of-order responses persist, while with the ConnPool the connection may be marked as bad and is discarded after at most one erroneous response. The vulnerability is fixed in versions 9.5.5, 9.6.3, and 9.7.3. Users can mitigate the risk by setting the DisableIndentity flag (the library's own spelling) to true when initializing the client instance.
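A dependency check for the version ranges above, as an added example that is not code from the advisory or from the go-redis project. It assumes the module path `github.com/redis/go-redis/v9`, reads the three fixed versions as one per 9.x release line, and treats 9.8 and later as fixed; the `go.mod` text is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path assumed for go-redis v9; the page names only the library.
const goRedisModule = "github.com/redis/go-redis/v9"

// First fixed patch on each 9.x release line, from the summary above.
var fixedPatch = map[int]int{5: 5, 6: 3, 7: 3}

// IsAffected reports whether a version such as "v9.6.2" predates the fix.
func IsAffected(v string) (bool, error) {
	core, _, isPre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	var major, minor, patch int
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &major, &minor, &patch); err != nil || major != 9 {
		return false, fmt.Errorf("not a go-redis v9 version: %q", v)
	}
	fix, onFixedLine := fixedPatch[minor]
	if !onFixedLine {
		return minor < 5, nil // below 9.5: affected; 9.8 and later: assumed fixed
	}
	// A pre-release or pseudo-version of the fixed patch still sorts before it.
	return patch < fix || (patch == fix && isPre), nil
}

// CheckGoMod finds the go-redis requirement in go.mod text and classifies it.
func CheckGoMod(gomod string) (version string, affected bool, err error) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(line)
		for i := 0; i+1 < len(f); i++ {
			if f[i] == goRedisModule {
				affected, err = IsAffected(f[i+1])
				return f[i+1], affected, err
			}
		}
	}
	return "", false, nil // module not required
}

func main() {
	// Constructed go.mod, not taken from any real project.
	sample := "module example.test/app\n\nrequire (\n\tgithub.com/redis/go-redis/v9 v9.6.2\n)\n"
	v, affected, err := CheckGoMod(sample)
	fmt.Println(v, affected, err)
}
```

An empty version string from `CheckGoMod` means the module is not required at all; an error means the version field could not be parsed and needs a manual look.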
