Security bulletins
Stay organized with collections
Save and categorize content based on your preferences.
This page provides information about security bulletins for Memorystore for Valkey.
GCP-2025-061
Published: 2025-10-21
Description
Description
Severity
Notes
A remote code execution vulnerability was found in open-source Valkey.
As a result, all versions that Memorystore for Valkey supports are impacted.
By default, Memorystore for Valkey instances aren't exposed to
the public internet, so the risk of this vulnerability is Low for
Memorystore for Valkey users who follow Google Cloud's security best practices.
What should you do?
Google has started applying patches automatically, with an estimated
completion date of November 6, 2025. No action is required from you
to receive this fix.
If you want to apply these patches to your Memorystore for Valkey
instances earlier than November 6, 2025, then use self-service
maintenance to complete the following actions:
Verify if the version matches the latest patched versions.
If the version isn't the latest maintenance version, then update
your instances to the latest maintenance version using self-service
maintenance for Memorystore for Valkey.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-10-22 UTC."],[],[]]
