NVD Vulnerability Details: CVE-2025-32023
Modified
Source: security-advisories@github.com
Published At: 07 Jul, 2025 | 16:15
Updated At: 04 Feb, 2026 | 20:16

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out-of-bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACLs to restrict HLL commands.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 7.0
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Vendor: Redis Inc.
Product: redis
Versions: from 2.8.0 (inclusive) to 6.2.19 (exclusive)
CPE: cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

Vendor: Redis Inc.
Product: redis
Versions: from 7.2.0 (inclusive) to 7.2.10 (exclusive)
CPE: cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

Vendor: Redis Inc.
Product: redis
Versions: from 7.4.0 (inclusive) to 7.4.5 (exclusive)
CPE: cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

Vendor: Redis Inc.
Product: redis
Versions: from 8.0.0 (inclusive) to 8.0.3 (exclusive)
CPE: cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-680
Type: Secondary
Source: security-advisories@github.com
References
Hyperlink: https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445
Source: security-advisories@github.com
Resource: Patch

Hyperlink: https://github.com/redis/redis/releases/tag/6.2.19
Source: security-advisories@github.com
Resource: Release Notes

Hyperlink: https://github.com/redis/redis/releases/tag/7.2.10
Source: security-advisories@github.com
Resource: Release Notes

Hyperlink: https://github.com/redis/redis/releases/tag/7.4.5
Source: security-advisories@github.com
Resource: Release Notes

Hyperlink: https://github.com/redis/redis/releases/tag/8.0.3
Source: security-advisories@github.com
Resource: Release Notes

Hyperlink: https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43
Source: security-advisories@github.com
Resource: Third Party Advisory

Hyperlink: https://www.exploit-db.com/exploits/52477
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A