CVE-2025-62507

EPSS 0.11%
Veröffentlicht 04.11.2025 21:24:44
Zuletzt bearbeitet 08.12.2025 16:23:27
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Redis: Bug in XACKDEL may lead to stack overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redis ≫ Redis Version >= 8.2.0 < 8.2.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.283

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	7.7	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8

Vendor Advisory

https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741

Patch

https://github.com/redis/redis/releases/tag/8.2.3

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-62507

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-62507

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-62507

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-62507