CVE-2025-27151

CRITICAL EPSS 51.9%
Published May 29, 20251y ago · Modified Jun 17, 20261w ago
9.8 CVSS 3.1
Critical
Find Similar
Published May 29, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
51.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-121
CWE-20 Improper Input Validation Validation

Affected Products 3

VendorProductVersionRange
redisredis*≥7.0.0  –  <7.2.9
redisredis*≥7.4.0  –  <7.4.4
redisredis*≥8.0.0  –  <8.0.2

References 3

  • github.com https://github.com/redis/redis/commit/643b5db235cb82508e72f11c7b4bbfc7dc39be56
    Patch
  • github.com https://github.com/redis/redis/releases/tag/8.0.2
    Release Notes
  • github.com https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm
    Third Party Advisory

Remediation

  • github.com https://github.com/redis/redis/commit/643b5db235cb82508e72f11c7b4bbfc7dc39be56
    Patch