CVE-2025-62507
Published: 04 November 2025
Summary
CVE-2025-62507 is a high-severity Improper Input Validation (CWE-20) vulnerability in Redis. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked at the 28.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the stack buffer overflow by requiring timely application of the official patch in Redis version 8.2.3.
- AC-6 (Least Privilege): enforces least privilege using Redis ACL to restrict execution of the vulnerable XACKDEL command, preventing exploitation by low-privilege authenticated users, as per the recommended workaround.
- SI-10 (Information Input Validation): addresses the root cause of improper input validation (CWE-20) by validating the number and format of IDs in XACKDEL commands to prevent the stack buffer overflow.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The stack buffer overflow in Redis allows authenticated low-privilege remote attackers to achieve RCE on the redis-server process, directly facilitating Exploitation for Privilege Escalation (T1068) and Exploitation of Remote Services (T1210).
NVD Description
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution.
This issue is fixed in version 8.2.3. To work around this issue without patching the redis-server executable, prevent users from executing the XACKDEL operation. This can be done using ACL to restrict the XACKDEL command.
Deeper analysis
CVE-2025-62507 is a stack buffer overflow vulnerability in Redis, an open source in-memory database that persists on disk. The issue affects versions 8.2.0 and above, where a user can execute the XACKDEL command with multiple IDs to trigger the overflow, potentially leading to remote code execution. It is associated with CWE-20 (Improper Input Validation), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write), and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An authenticated attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity and no user interaction required. By sending a specially crafted XACKDEL command containing multiple IDs, the attacker triggers the stack buffer overflow, potentially achieving remote code execution on the redis-server, resulting in high impacts to confidentiality, integrity, and availability.
The vulnerability is fixed in Redis version 8.2.3, as detailed in the official release notes and the associated GitHub security advisory (GHSA-jhjx-x4cf-4vm8). A workaround without patching involves using Redis ACL rules to restrict execution of the XACKDEL command by users. The fixing commit is available at https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741.
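As an added triage aid (not part of this advisory or of the Redis project), the script below scans Redis MONITOR output for XACKDEL calls that name more than one ID, so that such calls reaching an unpatched (pre-8.2.3) server can be reviewed and the ACL workaround applied to the clients that issue them. It assumes the Redis 8.2 syntax `XACKDEL key group [KEEPREF|DELREF|ACKED] IDS numids id [id ...]`; the alert threshold and the sample capture are constructed for the example.

```python
import re

# MONITOR line layout: <unix-ts> [<db> <client-addr>] "ARG" "ARG" ...
HEADER = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>[^\]]+)\] (?P<args>.*)$')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Assumed threshold: the advisory only says "multiple IDs", so any XACKDEL
# naming more than one ID is reported for review.
MAX_IDS = 1


def parse_monitor_line(line):
    """Return (timestamp, client, [args]) or None for non-command lines such as 'OK'."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("client"), QUOTED.findall(m.group("args"))


def xackdel_ids(args):
    """Return the IDs passed to XACKDEL, or None if the command is not XACKDEL."""
    if not args or args[0].upper() != "XACKDEL":
        return None
    upper = [a.upper() for a in args]
    if "IDS" not in upper:
        return []                      # no IDS block: nothing to count
    i = upper.index("IDS")
    return args[i + 2:]                # skip the IDS keyword and the numids field


def find_suspicious(lines, max_ids=MAX_IDS):
    """Return (timestamp, client, id_count) for XACKDEL calls above the threshold."""
    hits = []
    for line in lines:
        parsed = parse_monitor_line(line)
        if parsed is None:
            continue
        ts, client, args = parsed
        ids = xackdel_ids(args)
        if ids is not None and len(ids) > max_ids:
            hits.append((ts, client, len(ids)))
    return hits


# Constructed sample MONITOR capture (not real traffic); the client on 10.0.0.9 is flagged.
SAMPLE = [
    'OK',
    '1762200000.100000 [0 10.0.0.5:51234] "XACK" "orders" "workers" "1-0"',
    '1762200000.200000 [0 10.0.0.5:51234] "XACKDEL" "orders" "workers" "IDS" "1" "1-0"',
    '1762200000.300000 [0 10.0.0.9:40001] "xackdel" "orders" "workers" "ACKED" "IDS" "3" "1-0" "2-0" "3-0"',
]

if __name__ == "__main__":
    for ts, client, n in find_suspicious(SAMPLE):
        print(f"{ts} {client}: XACKDEL with {n} IDs")
```

Feed it `redis-cli MONITOR` output line by line; MONITOR is costly on busy instances, so scope the capture to the window under investigation.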
Details
- CWE(s)