Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

CVE-2025-62507

Redis: Bug in XACKDEL may lead to stack overflow and potential RCE
Back to all
CVE

CVE-2025-62507

Redis: Bug in XACKDEL may lead to stack overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.7
-
4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C
H
U
0
-
C
H
U
-

Related Resources

No items found.

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62507.json, https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741, https://github.com/redis/redis/releases/tag/8.2.3, https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8, https://nvd.nist.gov/vuln/detail/CVE-2025-62507

Severity

0

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
0
EPSS Probability
0.00103%
EPSS Percentile
0.28865%
Introduced Version
4fa8bf356b4bf0f1ce345286a4f02d022a4badcb,8.2.0,0
Fix Available
ceb01e1584d6fd847cccf4e3aca2100d2097c321,8.2.3,8.2.3-r0

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading