Buffer Overflow in Redis 8.2.0 and Above
CVE-2025-62507

7.7HIGH

Key Information:

Vendor

Redis

Status
Redis
Vendor
CVE Published:
4 November 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-62507?

Redis, the open source in-memory database, is prone to a stack buffer overflow vulnerability in versions 8.2.0 and later. When a user executes the XACKDEL command with multiple IDs, it can trigger this overflow, potentially leading to remote code execution. Version 8.2.3 addresses this issue. To protect against this vulnerability without immediate patching, administrators can limit user access to the XACKDEL command by setting up Access Control Lists (ACL). This measure can effectively mitigate risks until the software can be updated.

Affected Version(s)

redis >= 8.2.0, < 8.2.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-62507-Buffer-Overflow_PoC
Created by Network-Sec

References

https://github.com/redis/redis/security/advisories/GHSA-j...
x_refsource_CONFIRM
https://github.com/redis/redis/commit/5f83972188f6e5b1d6f...
x_refsource_MISC
https://github.com/redis/redis/releases/tag/8.2.3
x_refsource_MISC

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.