CVE-2025-62507

Severity: High (CVSS 4.0 base score 7.7) · EPSS: 92.9th percentile
Published: Nov 4, 2025 · Last modified: Jun 17, 2026

Description

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above (the release that introduced the XACKDEL stream command), a user who can run commands can invoke XACKDEL with multiple IDs and trigger a stack buffer overflow, which may lead to remote code execution. The issue is fixed in version 8.2.3. To work around it without patching the redis-server executable, prevent users from executing the XACKDEL command; this can be done with an ACL rule that denies XACKDEL for each user that does not need it.
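The following is an added triage script, not code from the Redis project or from the advisory. It checks the `INFO server` version against the affected window (>= 8.2.0, < 8.2.3) and, for an affected server, walks `ACL LIST` output to find users who can still invoke XACKDEL, printing the advisory's ACL workaround (`ACL SETUSER <user> -xackdel`) for each. The INFO and ACL LIST text is constructed for offline use; the ACL evaluation is a deliberately simplified model of Redis rule semantics (only +@all/-@all, +@stream/-@stream, +@write/-@write and per-command rules are modelled), so a "not exposed" result is provisional and should be confirmed on the live server with `ACL DRYRUN`.

```python
"""Added triage example for CVE-2025-62507 (not Redis project code).

Decides from `INFO server` text whether a server is in the affected window
(>= 8.2.0, < 8.2.3 per the advisory) and, if so, walks `ACL LIST` output to
find users who can still run XACKDEL, emitting the advisory's ACL workaround.
The sample INFO / ACL LIST text below is constructed, not captured.
"""
from __future__ import annotations

import re

AFFECTED_MIN = (8, 2, 0)  # first release carrying XACKDEL
FIXED = (8, 2, 3)         # fix version named in the advisory


def parse_redis_version(info_server: str) -> tuple[int, int, int]:
    """Pull the redis_version field out of `INFO server` text."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_server, re.M)
    if not m:
        raise ValueError("redis_version not found in INFO output")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: tuple[int, int, int]) -> bool:
    """True for [8.2.0, 8.2.3); tuple comparison keeps 8.2.10 above 8.2.3."""
    return AFFECTED_MIN <= version < FIXED


def user_can_run(acl_list_line: str, command: str = "xackdel") -> bool:
    """Simplified model of one `ACL LIST` line's command rules.

    Rules apply left to right and later rules win, as in Redis.  Only the
    rules most relevant to a stream write command are modelled: +@all /
    allcommands, -@all / nocommands, +@stream / -@stream, +@write / -@write
    and +<cmd> / -<cmd>.  Other categories, selectors and key/channel
    patterns are ignored (assumption: adequate for a first pass; a "False"
    here must be confirmed with ACL DRYRUN on the live server).
    """
    fields = acl_list_line.split()
    if len(fields) < 3 or fields[0] != "user":
        raise ValueError(f"not an ACL LIST line: {acl_list_line!r}")
    if fields[2] == "off":        # disabled users cannot authenticate at all
        return False
    allowed = False               # a fresh user starts with no commands
    grants = ("+@all", "allcommands", "+@stream", "+@write", "+" + command)
    revokes = ("-@all", "nocommands", "-@stream", "-@write", "-" + command)
    for rule in fields[3:]:
        r = rule.lower()
        if r in grants:
            allowed = True
        elif r in revokes:
            allowed = False
    return allowed


def audit(info_server: str, acl_list: list[str]) -> dict:
    """Combine the version check and the ACL walk into one report."""
    version = parse_redis_version(info_server)
    affected = is_affected(version)
    exposed = [ln.split()[1] for ln in acl_list if affected and user_can_run(ln)]
    return {
        "version": ".".join(map(str, version)),
        "affected": affected,
        "exposed_users": exposed,
        # The advisory's workaround, one ACL SETUSER per exposed user.
        "workaround": [f"ACL SETUSER {u} -xackdel" for u in exposed],
    }


# Constructed sample output (not from a real server); the "#..." password
# hashes are placeholders, not real SHA-256 values.
SAMPLE_INFO_SERVER = """# Server
redis_version:8.2.1
redis_mode:standalone
"""
SAMPLE_ACL_LIST = [
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #0123abcd ~app:* &* -@all +@stream -xackdel",
    "user reader on #4567ef01 ~* &* -@all +@read",
    "user legacy off nopass ~* &* +@all",
]

if __name__ == "__main__":
    for line in audit(SAMPLE_INFO_SERVER, SAMPLE_ACL_LIST)["workaround"]:
        print(line)
```

On a real deployment, feed the script the output of `redis-cli INFO server` and `redis-cli ACL LIST`, apply the printed `ACL SETUSER` lines (or add `-xackdel` to the corresponding `user` lines in the ACL file), and treat the ACL change as a stopgap until the server is on 8.2.3 or later.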

CVSS Details

Base Score 7.7 (CVSS 4.0, High)
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Attack Requirements Present
Privileges Required Low
User Interaction None
Vulnerable System Impact Confidentiality High, Integrity High, Availability High
Subsequent System Impact None
(CVSS 4.0 has no Scope metric; the trailing S:X in the vector is the supplemental Safety metric, left undefined.)

Threat Intelligence

EPSS: 92.9th percentile
Exploit & Patch Status: No known exploit; patch available

Weaknesses (3)

CWE-121 Stack-based Buffer Overflow
CWE-20 Improper Input Validation (Validation)
CWE-787 Out-of-bounds Write (Memory Safety)

Affected Products (1)

Vendor   Product   Version range
redis    redis     >= 8.2.0 and < 8.2.3

References 3

  • github.com https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741
    Patch
  • github.com https://github.com/redis/redis/releases/tag/8.2.3
    Release Notes
  • github.com https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8
    Vendor Advisory

Remediation

Upgrade to Redis 8.2.3 or later. Until the upgrade is in place, deny the XACKDEL command via ACL for users that do not need it.

  • github.com https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741
    Patch