Buffer Overflow in Redis 8.2.0 and Above
CVE-2025-62507

7.7HIGH

Key Information:

Vendor

Redis

Status
Redis
Vendor
CVE Published:
4 November 2025

What is CVE-2025-62507?

Redis, the open source in-memory database, is prone to a stack buffer overflow vulnerability in versions 8.2.0 and later. When a user executes the XACKDEL command with multiple IDs, it can trigger this overflow, potentially leading to remote code execution. Version 8.2.3 addresses this issue. To protect against this vulnerability without immediate patching, administrators can limit user access to the XACKDEL command by setting up Access Control Lists (ACL). This measure can effectively mitigate risks until the software can be updated.

Affected Version(s)

redis >= 8.2.0, < 8.2.3

References

https://github.com/redis/redis/security/advisories/GHSA-j...
x_refsource_CONFIRM
https://github.com/redis/redis/commit/5f83972188f6e5b1d6f...
x_refsource_MISC
https://github.com/redis/redis/releases/tag/8.2.3
x_refsource_MISC

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-62507 : Buffer Overflow in Redis 8.2.0 and Above