2412366 – (CVE-2025-62507) CVE-2025-62507 redis: Redis: Bug in XACKDEL may lead to stack overflow and potential RCE

Bug 2412366 (CVE-2025-62507) - CVE-2025-62507 redis: Redis: Bug in XACKDEL may lead to stack overflow and potential RCE

Summary: CVE-2025-62507 redis: Redis: Bug in XACKDEL may lead to stack overflow and po...

Keywords:
Status:	NEW
Alias:	CVE-2025-62507
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-04 22:03 UTC by OSIDB Bzimport
Modified:	2025-11-04 22:32 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-11-04 22:03:14 UTC

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.

Note You need to log in before you can comment on or make changes to this bug.