Out of Bounds Write Vulnerability in Redis Open Source In-Memory Database
CVE-2025-32023

7 HIGH

Key Information:

Vendor: Redis
Status: Vendor
CVE Published: 7 July 2025

Badges: 👾 Exploit Exists, 🟡 Public PoC

What is CVE-2025-32023?

A vulnerability exists in Redis, an open-source in-memory database, affecting multiple versions, including 2.8 and releases before 8.0.3. An authenticated user can trigger the flaw by supplying specially crafted strings to hyperloglog operations, causing a stack/heap out-of-bounds write. This could potentially enable remote code execution on affected systems. Until a fixed version is deployed, users should apply ACL (Access Control List) restrictions that prevent execution of the hyperloglog commands.
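The ACL mitigation named above, as an added example that is not part of this page or the Redis project: a users.acl fragment (loaded through the aclfile directive in redis.conf, or applied live with ACL SETUSER using the same rule tokens) that strips the @hyperloglog command category from an application user. The user name appuser and the password value are assumptions; replace them with your own.

```conf
# Added example (not from this advisory or the Redis project): interim ACL
# mitigation that blocks the HyperLogLog command family until a fixed
# release is deployed. Load with "aclfile /etc/redis/users.acl" in
# redis.conf, or apply the same rule tokens live via ACL SETUSER.

# Weak state this CVE concerns: an authenticated user permitted to run
# every command, including PFADD / PFCOUNT / PFMERGE.
# user appuser on >CHANGE_ME_PLACEHOLDER ~* &* +@all

# Hardened rule: identical key (~*) and channel (&*) access, minus the
# @hyperloglog category. Rule tokens apply left to right, so
# -@hyperloglog after +@all removes only the PF* commands.
user appuser on >CHANGE_ME_PLACEHOLDER ~* &* +@all -@hyperloglog

# Any credential counts as "authenticated" for this CVE, so also disable
# the built-in default user (clients must then AUTH as a named user).
user default off
```

On Redis 7.0 or later, ACL DRYRUN appuser PFADD somekey x confirms the block by reporting that the user has no permission to run the command, while ACL GETUSER appuser shows the resulting command allow-list.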

Affected Version(s)

redis >= 8.0.0, < 8.0.3 (not affected: < 8.0.0, 8.0.3)

redis >= 7.4-rc1, < 7.4.5 (not affected: < 7.4-rc1, 7.4.5)

redis >= 7.0.0, < 7.2.10 (not affected: < 7.0.0, 7.2.10)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved
