CRE-2025-0178

Redis Read-Only Replica Write Attempt ErrorCritical

Impact: 5/10

Mitigation: 9/10

CRE-2025-0178View on GitHub

RedisREADONLYReplicaReplicationWrite Error

Description

Detects attempts to perform write operations on Redis read-only replicas. This error indicates application misconfiguration where clients are incorrectly routing write commands to replica instances instead of the master.\n

Mitigation

IMMEDIATE ACTIONS:\n- Verify connection target: `redis-cli INFO replication`\n- Check if connected to replica: `redis-cli INFO | grep role`\n- Find master instance: `redis-cli INFO | grep master_host`\n- List all replicas: `redis-cli --cluster nodes`\n\nRECOVERY:\n- Redirect clients to master:\n ```\n # Update connection string to master\n redis://master-host:6379\n ```\n- For Redis Sentinel setups:\n ```\n # Connect via Sentinel for automatic master discovery\n sentinel://sentinel-host:26379/mymaster\n ```\n- Temporary replica promotion (if master failed):\n `redis-cli REPLICAOF NO ONE`\n\nCLIENT CONFIGURATION:\n- Configure read/write splitting:\n ```\n # Writes to master\n master_client = Redis(host='master')\n # Reads from replica\n replica_client = Redis(host='replica')\n ```\n- Use Redis Cluster aware clients\n- Implement retry logic with master discovery\n\nPREVENTION:\n- Use Redis Sentinel for automatic failover\n- Implement proper connection pooling\n- Separate read and write connection pools\n- Monitor topology changes\n- Document Redis architecture clearly\n- Regular failover testing\n

References

• https://redis.io/docs/latest/operate/oss_and_stack/management/replication/#read-only-replica
• https://redis.io/docs/latest/operate/oss_and_stack/management/sentinel/
• https://redis.io/commands/readonly/