CVE-2025-62507

HIGH LAB

Redis < 8.2.3 - Out-of-Bounds Write

Title source: rule

Description

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To work around this issue without patching the redis-server executable, prevent users from executing the XACKDEL operation. This can be done using ACLs to restrict the XACKDEL command.

Exploits (3)

github · WORKING POC · 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-62507

nomisec · WORKING POC · 2 stars
by Network-Sec · poc
https://github.com/Network-Sec/CVE-2025-62507-Buffer-Overflow_PoC

github · WORKING POC · 1 star
by exploitintel · pythonpoc
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-62507

Related Analysis

Scores

CVSS v3 8.8
EPSS 0.0011
EPSS Percentile 28.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Lab Environment

EIP LAB (Docker Lab)
Vulnerable image: docker pull ghcr.io/exploitintel/cve-2025-62507-vulnerable:latest

COMMUNITY
docker pull cve-2025-62507-lab:latest

Details

CWE
CWE-121 CWE-20 CWE-787
Status published
Products (1)
redis/redis 8.2.0 - 8.2.3
Published Nov 04, 2025
Tracked Since Feb 18, 2026