Stack-based Buffer Overflow in Redis Affects Open Source In-Memory Database
CVE-2025-27151

4.7 MEDIUM

Key Information:

Vendor: Redis
Status: Vendor
CVE Published: 29 May 2025

What is CVE-2025-27151?

A vulnerability has been identified in Redis, specifically in the redis-check-aof component. The issue is a stack-based buffer overflow caused by the improper use of memcpy on user-supplied file paths: when a user-defined file path is copied into a fixed-size stack buffer, a path longer than that buffer overflows it, potentially allowing an attacker to execute arbitrary code. This vulnerability affects all Redis versions from 7.0.0 up to, but not including, 8.0.2. Users are strongly advised to upgrade to version 8.0.2 or later to mitigate this risk.
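The pattern the description refers to, as an added illustration that is not Redis's code and not the redis-check-aof source: an unchecked memcpy of a caller-supplied path into a fixed-size stack buffer, shown beside a bounded version that rejects any path that does not fit. The buffer size, function names and sample paths are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size stack buffer for a file path. The size is an assumption of this
 * illustration; it is not taken from the Redis source. */
#define PATH_BUF_SIZE 64

/*
 * Vulnerable pattern (shown for contrast only, not compiled into a callable
 * function here): the copy length comes from the untrusted input, so a path
 * longer than the buffer writes past its end on the stack.
 *
 *     char buf[PATH_BUF_SIZE];
 *     memcpy(buf, user_path, strlen(user_path) + 1);   // no bounds check
 */

/* Hardened copy: refuse any path that does not fit, NUL terminator included.
 * Returns true on success, false when the input would overflow dst.
 * Rejecting (rather than silently truncating) avoids operating on a
 * different path than the one the user actually supplied. */
bool copy_path_checked(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size) {
        return false;            /* len + 1 bytes would not fit in dst */
    }
    memcpy(dst, src, len + 1);   /* +1 copies the terminating NUL */
    return true;
}

/* Example consumer: place a caller-supplied path into a stack buffer and
 * report whether it was accepted. Returns 0 on success, -1 if rejected. */
int open_with_path(const char *user_path) {
    char buf[PATH_BUF_SIZE];
    if (!copy_path_checked(buf, sizeof buf, user_path)) {
        fprintf(stderr, "path too long (max %zu bytes)\n", sizeof buf - 1);
        return -1;
    }
    /* ... buf would be used for file handling here; printing stands in ... */
    printf("using path: %s\n", buf);
    return 0;
}

int main(void) {
    char long_path[PATH_BUF_SIZE + 16];              /* constructed overlong input */
    memset(long_path, 'A', sizeof long_path - 1);
    long_path[sizeof long_path - 1] = '\0';
    open_with_path("/var/lib/redis/appendonly.aof");  /* constructed sample path: accepted */
    open_with_path(long_path);                         /* rejected, no overflow */
    return 0;
}
```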

Affected Version(s)

redis >= 7.0.0, < 8.0.2

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
