CVE-2025-62507NVD

Vulnerability Summary

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.

Severity Level

HIGH(7.7)

Published Date

Nov 4, 2025

Last Modified

Nov 4, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-20: Improper Input Validation ↗

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

External References

https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741
https://github.com/redis/redis/releases/tag/8.2.3
https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-62507NVD

Vulnerability Summary

External References