How severe is CVE-2025-29923?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2025-29923?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2025-29923 - LOW Severity | CVSS 3.7

Vulnerability Description

go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen when the client is configured to transmit its identity, there are network connectivity issues, or the client was configured with aggressive timeouts. The problem occurs for multiple use cases. For sticky connections, you receive persistent out-of-order responses for the lifetime of the connection. All commands in the pipeline receive incorrect responses. When used with the default ConnPool once a connection is returned after use with ConnPool#Put the read buffer will be checked and the connection will be marked as bad due to the unread data. This means that at most one out-of-order response before the connection is discarded. This issue is fixed in 9.5.5, 9.6.3, and 9.7.3. You can prevent the vulnerability by setting the flag DisableIndentity to true when constructing the client instance.

Related Vulnerabilities

CVE-2012-3338

LOW

CVSS:3.7(Low)

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker coul...

CWE-202012

CVE-2015-7519

LOW

CVSS:3.7(Low)

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote at...

CWE-202015

CVE-2015-7759

LOW

CVSS:3.7(Low)

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attac...

CWE-202015

CVE-2016-0281

LOW

CVSS:3.7(Low)

The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash...

CWE-202016

CVE-2016-6586

LOW

CVSS:3.7(Low)

A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add ...

CWE-202016

CVE-2016-8344

LOW

CVSS:3.7(Low)

An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release ...

CWE-202016