CVE-2025-62507
published 2025-11-04

Priority: P269 (high). CVSS 3.1 base score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
EPSS: 6.43% (92.9th percentile).
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To work around this issue without patching the redis-server executable, prevent users from executing the XACKDEL command; this can be done with an ACL rule that restricts XACKDEL.

Affected (3 ranges)

Vendor | Product | Version range      | Fixed in
debian | redis   |                    |
redis  | redis   |                    |
redis  | redis   | >= 8.2.0, < 8.2.3  | 8.2.3

Detection & IOCs (extracted from sources)

  • Detect exploitation attempts by monitoring Redis command logs for XACKDEL invocations with multiple IDs, which is the specific trigger for the stack buffer overflow in CVE-2025-62507.
  • Alert on any use of the XACKDEL Redis command in environments running Redis 8.2.0 through 8.2.2, as these versions are the affected range.
  • Monitor Redis ACL logs or audit trails for XACKDEL command execution; absence of ACL restrictions on XACKDEL in Redis 8.2.x is a misconfiguration indicator.
  • Flag Redis instances where the XACKDEL command is not blocked via ACL and the server version is 8.2.0 or above but below 8.2.3, as these are vulnerable to stack-based buffer overflow leading to potential RCE.
  • The vulnerability only affects Redis versions 8.2.0 and above (up to 8.2.2); Redis versions shipped with RHEL 8 and RHEL 9 (redis:6, redis:7, redis) are explicitly listed as not affected.
  • The workaround (ACL restriction of XACKDEL) is noted by Red Hat as not meeting their mitigation criteria for ease of use and deployment, so patching to 8.2.3 is the preferred remediation.
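
Added example, not code from the CVE record or from the Redis project: it runs the detection logic described in the bullets above over constructed Redis MONITOR output (flagging XACKDEL calls that carry more than one ID), checks a version string against the affected range, and records the ACL workaround from the description. The XACKDEL argument layout (key group [KEEPREF|DELREF|ACKED] IDS numids id ...), the sample client addresses, and the `ACL SETUSER app -xackdel` rule are assumptions.

```python
# Added example (not from the CVE record or Redis): flag multi-ID XACKDEL calls
# in MONITOR output and test a version against the affected range 8.2.0 <= v < 8.2.3.
import re
import shlex

# Constructed MONITOR lines. XACKDEL argument layout
# (key group [KEEPREF|DELREF|ACKED] IDS numids id ...) is assumed from Redis 8.2 docs.
SAMPLE_MONITOR = """\
1730700000.000001 [0 10.0.0.5:40001] "XADD" "s" "*" "f" "v"
1730700000.000002 [0 10.0.0.5:40001] "XACKDEL" "s" "g" "KEEPREF" "IDS" "1" "1-0"
1730700000.000003 [0 10.0.0.9:40002] "XACKDEL" "s" "g" "IDS" "3" "1-0" "2-0" "3-0"
1730700000.000004 [0 10.0.0.9:40002] "XACK" "s" "g" "1-0"
"""
MONITOR_RE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>\S+)\] (?P<cmd>.+)$')

def parse_monitor_line(line):
    """Split one MONITOR line into timestamp, client and the quoted argv."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    return {"ts": m.group("ts"), "client": m.group("client"),
            "args": shlex.split(m.group("cmd"))}

def xackdel_id_count(args):
    """Number of IDs passed to XACKDEL, or 0 if argv is not an XACKDEL call."""
    if not args or args[0].upper() != "XACKDEL":
        return 0
    upper = [a.upper() for a in args]
    try:
        i = upper.index("IDS", 3)  # IDS follows key, group and the optional mode
    except ValueError:
        return 0
    return max(len(args) - (i + 2), 0)  # tokens after "IDS <numids>"

def find_multi_id_xackdel(monitor_text):
    """Return (client, id_count) for every XACKDEL call carrying more than one ID."""
    hits = []
    for line in monitor_text.splitlines():
        rec = parse_monitor_line(line)
        n = xackdel_id_count(rec["args"]) if rec else 0
        if n > 1:
            hits.append((rec["client"], n))
    return hits

def is_affected_version(version):
    """True for 8.2.0 <= version < 8.2.3, the range given in the advisory."""
    parts = tuple(int(p) for p in version.split("."))
    return (8, 2, 0) <= parts < (8, 2, 3)

# Workaround from the description: remove XACKDEL from an ACL user (syntax assumed).
ACL_WORKAROUND = "ACL SETUSER app -xackdel"
```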

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 8.8   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd           | v4.0    | 7.7   | HIGH     | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv           |         | 7.7   | HIGH     |
vendor_debian |         | 7.7   | LOW      |
vendor_redhat |         | 7.7   | HIGH     |