Common Vulnerabilities and Exposures (CVE): Security vulnerabilities addressed in MemoryDB
Common Vulnerabilities and Exposures (CVE) is a list of entries for publicly known cybersecurity vulnerabilities. Each entry is a link that contains an identification number, a description, and at least one public reference. You can find on this page a list of security vulnerabilities that have been addressed in MemoryDB.
We recommend that you always upgrade to the latest MemoryDB versions to be protected against known vulnerabilities. MemoryDB exposes the PATCH component. PATCH versions are for backwards-compatible bug fixes, security fixes, and non-functional changes.
You can use the following table to verify whether a particular version of MemoryDB includes a fix for a specific security vulnerability. If your MemoryDB cache is pending service update, it may be vulnerable to one of the security vulnerabilities listed below. We recommend that you apply the service update. For more information on the supported MemoryDB engine versions and how to upgrade, see Engine versions.
Note
If a CVE is addressed in an MemoryDB version, it means it is also addressed in the newer versions.
An asterisk (*) in the following table indicates you must have the latest service update applied for the MemoryDB cluster running the version specified in order to address the security vulnerability. For more information on how to verify you have the latest service update applied for the MemoryDB version your cluster is running on, see Managing the service updates.
| MemoryDB version | CVEs Addressed |
|---|---|
|
Valkey 7.3 and all previous versions of Valkey Redis OSS 7.1 and all previous versions of Redis OSS |
CVE-2025-49844 |
|
Valkey 7.2 and 7.3 |
CVE-2025-21607 |
|
Valkey 7.2.7 |
|
|
Redis OSS 7.1 and 6.2 |
CVE-2025-21605 |
|
Redis OSS 7.0.7 |
|
|
Redis OSS 6.2.7 |
|
|
Redis OSS 6.2.6 |
CVE-2022-24834
CVE-2023-45145 |
|
Redis OSS 6.0.5 |