Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-32023: Integer Overflow to Buffer Overflow in Redis

Severity: 7.8 HIGH (NVD)
EPSS: 12.6% (top 6.02%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jul 7; latest update Mar 24

Description

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without p

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (11 packages)

Source      Package        Affected versions                 
NVD         redis/redis    2.8.0 to 6.2.19                   (+3 more)
debian      debian/redis   < redict 7.3.5+ds-1 (forky)
Debian      redis/redis    < 5:6.0.16-1+deb11u7              (+3 more)
CVEListV5   redis/redis    4 versions                        (+3 more)

Patches

🔴 Vulnerability Details (1)

OSV: CVE-2025-32023: Redis is an open source, in-memory database that persists on disk (2025-07-07)

💥 Exploits & PoCs (1)

Exploit-DB: Redis 8.0.2 - RCE (2026-02-04)

📋 Vendor Advisories (4)

Ubuntu: Redis vulnerability (2026-03-24)
Microsoft: Redis allows out of bounds writes in hyperloglog commands leading to RCE (2025-07-08)
Red Hat: redis: Redis Hyperloglog Out-of-Bounds Write Vulnerability (2025-07-07)
Debian: CVE-2025-32023: redict - Redis is an open source, in-memory database that persists on disk. From 2.8 to b... (2025)
CVE-2025-32023 — Integer Overflow to Buffer Overflow | cvebase