CVE-2025-32023
Published: 07 July 2025
Summary
CVE-2025-32023 is a high-severity Integer Overflow to Buffer Overflow (CWE-680) vulnerability in Redis. Its CVSS 3.1 base score is 7.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK techniques Exploitation of Remote Services (T1210) and Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 4.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Redis is an open source in-memory database that persists to disk. CVE-2025-32023 is a stack/heap out-of-bounds write in the hyperloglog (HLL) code paths. It affects Redis from 2.8 up to and including 8.0.2, 7.4.4, 7.2.9 and 6.2.18, that is, every release before the fixed versions; no fix is listed for other branches (for example 7.0.x), which are affected as well. An authenticated user who can send a specially crafted string to an HLL command can trigger the flaw, which is tracked as CWE-680 and carries a CVSS 3.1 score of 7.0.
The attack requires an existing authenticated session and the CVSS rating treats the attack vector as local, but a successful exploit still corrupts memory inside the redis-server process and can lead to code execution on the Redis host. Note that "authenticated" is a weak precondition on instances where the default user has no password set (Redis's out-of-the-box state), because any client that can reach the port is then authenticated. The issue is believed to affect every Redis release that implements hyperloglog commands.
Patches are available in Redis 8.0.3, 7.4.5, 7.2.10, and 6.2.19. As a workaround that needs no server binary update, the project documents denying all HLL commands through ACLs (the HLL commands form the @hyperloglog ACL category). The associated GitHub commits and release tags confirm both the fixes and the command-restriction mitigation.
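To turn the affected and fixed versions above into a repeatable check, the script below is an added example (not code from the advisory or the Redis project) that classifies a redis-server version, taken from a bare version string or from the output of INFO server, as affected or not and names the same-branch fix. The fixed releases and the 2.8 lower bound come from the advisory; the assumptions are that a branch with no listed fix (such as 7.0.x) is affected, per the advisory's "all versions with hyperloglog operations" statement, and that anything at or above 8.0.3 carries the fix. The INFO excerpt is constructed, not a real capture.

```python
"""Triage a Redis server's version against the CVE-2025-32023 fix releases.

Added example, not code from the advisory or the Redis project. Fixed
releases and the 2.8 lower bound are from the advisory; the treatment of
unfixed branches and of versions after 8.0.3 are this script's assumptions.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed release per maintained branch, as named in the advisory.
FIXED_BY_BRANCH = {
    (8, 0): (8, 0, 3),
    (7, 4): (7, 4, 5),
    (7, 2): (7, 2, 10),
    (6, 2): (6, 2, 19),
}
FIRST_AFFECTED: Version = (2, 8, 0)            # advisory: "from 2.8"
NEWEST_FIX: Version = max(FIXED_BY_BRANCH.values())  # (8, 0, 3)


def parse_version(text: str) -> Version:
    """Accept a bare 'x.y.z' or a whole INFO server blob (prefers redis_version:)."""
    m = re.search(r"redis_version:(\d+)\.(\d+)\.(\d+)", text) \
        or re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> bool:
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False          # predates hyperloglog support per the advisory
    if v >= NEWEST_FIX:
        return False          # 8.0.3 or later; assumption for newer branches
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is None:
        return True           # branch without a listed fix (e.g. 7.0.x)
    return v < fixed


def upgrade_target(text: str) -> Optional[str]:
    """Same-branch fixed release, or None when the version is not affected or
    when its branch received no fix (then move to a maintained branch)."""
    if not is_affected(text):
        return None
    fixed = FIXED_BY_BRANCH.get(parse_version(text)[:2])
    return ".".join(map(str, fixed)) if fixed else None


def triage(info_output: str) -> dict:
    """Verdict for one server, suitable for feeding an asset inventory."""
    v = parse_version(info_output)
    return {
        "version": ".".join(map(str, v)),
        "affected": is_affected(info_output),
        "upgrade_to": upgrade_target(info_output),
    }


# Constructed excerpt of `redis-cli INFO server` output, not a real capture.
SAMPLE_INFO = (
    "# Server\r\n"
    "redis_version:7.2.9\r\n"
    "redis_mode:standalone\r\n"
    "os:Linux 6.1.0 x86_64\r\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_INFO))
```

Run it against the output of redis-cli INFO server for each instance; an "upgrade_to" of None together with "affected": True means the branch has no fix and the only remedy is moving to one of the four maintained branches.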
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-20233
Vulnerability details
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.
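The ACL workaround is only as good as the rules actually in force, and Redis ACL rules apply left to right, so a -@hyperloglog that precedes a later +@all grants the commands back. The script below is an added example (not code from the advisory or the Redis project) that audits a users.acl file for enabled users who can still reach any HLL command and emits the ACL SETUSER lines that close the gap. It models only the command-permission part of Redis ACLs (passwords, key and channel patterns are skipped) and carries a snapshot of which ACL categories the five PF* commands belong to; that table is an assumption to verify with ACL CAT hyperloglog and COMMAND INFO on the server being audited. The users.acl content is constructed for the example.

```python
"""Audit a Redis users.acl file for users who can still run hyperloglog
commands, the command surface through which CVE-2025-32023 is reached.

Added example, not code from the advisory or the Redis project. Only command
rules are modelled; the category table below is a snapshot (assumption) to be
checked against `ACL CAT hyperloglog` / `COMMAND INFO` on the real server.
"""
from typing import Dict, List, Set

# Assumed category membership of the HLL commands; verify on the target server.
HLL_COMMANDS: Dict[str, Set[str]] = {
    "pfadd":      {"write", "hyperloglog", "fast"},
    "pfcount":    {"read", "hyperloglog", "slow"},
    "pfmerge":    {"write", "hyperloglog", "slow"},
    "pfdebug":    {"write", "hyperloglog", "admin", "slow"},
    "pfselftest": {"hyperloglog", "admin", "slow"},
}


def _apply_rules(rules: List[str], allowed: Set[str]) -> Set[str]:
    """Apply command rules left to right; later rules override earlier ones."""
    for rule in rules:
        if rule in ("allcommands", "+@all"):
            allowed = set(HLL_COMMANDS)
        elif rule in ("nocommands", "-@all", "reset"):
            allowed = set()
        elif rule.startswith(("+@", "-@")):
            cat = rule[2:].lower()
            hits = {c for c, cats in HLL_COMMANDS.items() if cat in cats}
            allowed = allowed | hits if rule[0] == "+" else allowed - hits
        elif rule.startswith(("+", "-")):
            cmd = rule[1:].split("|", 1)[0].lower()   # drop any subcommand part
            if cmd in HLL_COMMANDS:
                allowed = allowed | {cmd} if rule[0] == "+" else allowed - {cmd}
        # on/off, passwords (> < # !), key (~) and channel (&) patterns: not command rules
    return allowed


def hll_commands_allowed(acl_line: str) -> Set[str]:
    """HLL commands a `user ...` line permits, across the root rules and any
    Redis 7 selectors '( ... )', which are OR-ed with the root permissions."""
    tokens = acl_line.split()
    if len(tokens) < 2 or tokens[0] != "user":
        raise ValueError(f"not a user line: {acl_line!r}")
    root: List[str] = []
    selectors: List[List[str]] = []
    current = None
    for tok in tokens[2:]:
        if tok.startswith("("):
            current = []
            tok = tok[1:]
        if current is not None:
            closed = tok.endswith(")")
            current.append(tok.rstrip(")"))
            if closed:
                selectors.append(current)
                current = None
        else:
            root.append(tok)
    allowed = _apply_rules(root, set())
    for sel in selectors:
        allowed |= _apply_rules(sel, set())   # a selector starts with no permissions
    return allowed


def user_enabled(acl_line: str) -> bool:
    enabled = False                            # Redis users start disabled
    for tok in acl_line.split()[2:]:
        if tok == "on":
            enabled = True
        elif tok in ("off", "reset"):
            enabled = False
    return enabled


def audit(acl_text: str) -> Dict[str, Set[str]]:
    """Map every enabled user that can run any HLL command to that command set."""
    findings: Dict[str, Set[str]] = {}
    for line in acl_text.splitlines():
        line = line.strip()
        if not line.startswith("user "):
            continue
        cmds = hll_commands_allowed(line)
        if user_enabled(line) and cmds:
            findings[line.split()[1]] = cmds
    return findings


def remediation(findings: Dict[str, Set[str]]) -> List[str]:
    """redis-cli commands for the advisory's workaround; ACL SETUSER appends the
    rule, so -@hyperloglog lands after any earlier +@all and wins. Follow with
    ACL SAVE when the server loads its users from an aclfile."""
    return [f"ACL SETUSER {user} -@hyperloglog" for user in sorted(findings)]


# Constructed users.acl, not from any real deployment ('#...' is sha256("test")).
SAMPLE_ACL = """\
user default on nopass ~* &* +@all
user app on #9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 ~app:* +@all -@hyperloglog
user bad on >hunter2 ~* -@hyperloglog +@all
user reader on >ro ~* -@all +@read
user ops off >x ~* +@all
"""

if __name__ == "__main__":
    for user, cmds in audit(SAMPLE_ACL).items():
        print(f"{user}: {sorted(cmds)}")
    print("\n".join(remediation(audit(SAMPLE_ACL))))
```

In the sample, "app" is correctly restricted, "bad" is not because its -@hyperloglog is overridden by the later +@all, and "reader" still reaches PFCOUNT through +@read; the disabled "ops" user is ignored. After applying the emitted commands, re-run the audit against ACL LIST output (its lines use the same syntax) to confirm the result.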
- CWE(s): CWE-680 (Integer Overflow to Buffer Overflow)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability gives an authenticated, low-privilege user an out-of-bounds write in hyperloglog operations that can be turned into code execution. That maps to Exploitation of Remote Services (T1210), because the entry point is a command sent to the exposed Redis service, and to Exploitation for Privilege Escalation (T1068), because the resulting code runs with the privileges of the redis-server process rather than within the user's ACL rights.
Affected Assets
redis-server 2.8 through 8.0.2, 7.4.4, 7.2.9 and 6.2.18, plus any other branch that implements hyperloglog commands and received no fix.
Mitigating Controls
- Upgrade redis-server to 8.0.3, 7.4.5, 7.2.10 or 6.2.19, the fixed releases named in the advisory.
- Until patched, deny hyperloglog commands with Redis ACLs, for example by appending -@hyperloglog to every user's rules after any broad grant such as +@all, since later ACL rules override earlier ones.