Cyber Resilience

CVE-2025-32023

High · Public PoC

Published: 07 July 2025
Modified: 04 February 2026
KEV Added: not listed
CVSS v3.1 score: 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.1844 (95.4th percentile)
Risk priority: 25 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-32023 is a high-severity Integer Overflow to Buffer Overflow (CWE-680) vulnerability in Redis. Its CVSS base score is 7.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 4.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

Redis is an open source in-memory database that persists on disk. CVE-2025-32023 is a stack/heap out-of-bounds write in hyperloglog operations that affects all versions from 2.8 up to and including 8.0.2, 7.4.4, 7.2.9, and 6.2.18 on their respective release branches. An authenticated user who can supply a specially crafted string can trigger the flaw, which is tracked as CWE-680 and carries a CVSS 3.1 score of 7.0.

Although the attack requires local access and an existing authenticated session, a successful exploit can result in remote code execution on the Redis server. The issue is believed to affect every Redis release that implements hyperloglog commands.

Patches are available in Redis 8.0.3, 7.4.5, 7.2.10, and 6.2.19. The project also documents an ACL-based workaround that blocks all HLL commands without requiring a server binary update. The associated GitHub commits and release tags confirm the fixes and the command-restriction mitigation.


Vulnerability details

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.
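The ACL workaround above only helps if every enabled user actually loses the HyperLogLog commands, and ACL rules are evaluated in order, so a later `+pfcount` or a broad `+@read` can silently re-grant what `-@hyperloglog` removed. The following audit script is an added example (not from the page or the Redis project): it parses saved `ACL LIST` output offline and reports which enabled users can still reach PFADD, PFCOUNT or PFMERGE. It models only the rule forms needed here, namely `+@cat`/`-@cat`, `+cmd`/`-cmd`, `allcommands`/`nocommands` (an assumption stated in the code); the category membership of the three commands is taken from the Redis command documentation, and the sample ACL lines and the all-zero password hashes are constructed.

```python
"""Offline audit of `ACL LIST` output: which enabled Redis users can still
run HyperLogLog commands after the CVE-2025-32023 ACL workaround.

Added example, not Redis project code. Assumption: only the rule forms
+@cat / -@cat, +cmd / -cmd (with optional |subcommand), allcommands and
nocommands are modelled. Key patterns (~), channel patterns (&), password
tokens (#, nopass) and selectors ("(...)") are ignored because they do not
change command permission for a plain command.
"""

# ACL category membership of the HLL commands (per the Redis command docs).
HLL_COMMANDS = {
    "pfadd":   {"all", "hyperloglog", "write", "fast"},
    "pfcount": {"all", "hyperloglog", "read", "slow"},
    "pfmerge": {"all", "hyperloglog", "write", "slow"},
}


def command_allowed(rules, command):
    """Apply ordered command rules; the last matching rule wins, as in Redis."""
    cats = HLL_COMMANDS[command]
    allowed = False
    for rule in rules:
        if rule == "allcommands":
            allowed = True
        elif rule == "nocommands":
            allowed = False
        elif rule.startswith(("+@", "-@")):
            if rule[2:] in cats:            # category grant/revoke touching this command
                allowed = rule[0] == "+"
        elif rule[0] in "+-":
            name = rule[1:].split("|", 1)[0]  # "+pfadd|sub" style rules name the command
            if name == command:
                allowed = rule[0] == "+"
    return allowed


def parse_acl_list(lines):
    """Yield (username, enabled, command_rules) from raw `ACL LIST` lines."""
    for line in lines:
        parts = line.strip().strip('"').split()
        if len(parts) < 2 or parts[0] != "user":
            continue
        name, flags = parts[1], parts[2:]
        enabled = "on" in flags
        rules = [t for t in flags
                 if t in ("allcommands", "nocommands") or t[0] in "+-"]
        yield name, enabled, rules


def audit_hll_exposure(lines):
    """Map each enabled user to the sorted HLL commands it can still run."""
    exposure = {}
    for name, enabled, rules in parse_acl_list(lines):
        if not enabled:                      # "off" users cannot authenticate
            continue
        exposure[name] = sorted(c for c in HLL_COMMANDS
                                if command_allowed(rules, c))
    return exposure


# Constructed sample `ACL LIST` output; hashes replaced by a placeholder.
PLACEHOLDER_HASH = "#" + "0" * 64
SAMPLE_ACL_LIST = [
    "user default on nopass sanitize-payload ~* &* +@all",
    f"user app on {PLACEHOLDER_HASH} ~app:* &* -@all +@read +@write +@hyperloglog",
    f"user hardened on {PLACEHOLDER_HASH} ~app:* &* +@all -@hyperloglog",
    f"user reporting on {PLACEHOLDER_HASH} ~* &* -@all +@read",
    f"user legacy off {PLACEHOLDER_HASH} ~* &* +@all",
]

if __name__ == "__main__":
    for user, cmds in audit_hll_exposure(SAMPLE_ACL_LIST).items():
        print(f"{user:10} {'EXPOSED ' + ','.join(cmds) if cmds else 'ok'}")
```

Run it against `redis-cli ACL LIST > acl.txt` and feed the file's lines in place of the constructed sample. The `reporting` user shows why a category-level revoke matters: `-@all +@read` never mentions HyperLogLog, yet PFCOUNT comes back because it belongs to `@read`, so the workaround needs an explicit `-@hyperloglog` placed after any broad grants for each user.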

CWE(s)

CWE-680: Integer Overflow to Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1210 Exploitation of Remote Services (tactic: Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The vulnerability enables remote code execution via an out-of-bounds write in hyperloglog operations by authenticated low-privilege users, which supports exploitation of the remote Redis service (T1210) and privilege escalation (T1068).

Affected Assets

Vendor: redis
Product: redis
Versions: 2.8.0 to 6.2.19 · 7.2.0 to 7.2.10 · 7.4.0 to 7.4.5

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References