CVE-2025-62507

Severity: High
Published: 04 November 2025
Modified: 08 December 2025
KEV Added: not listed
Patch: fixed in Redis 8.2.3
CVSS v4.0 score: 7.7 (vector CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0018 (39.9th percentile)
Risk priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-62507 is a high-severity Improper Input Validation (CWE-20) vulnerability in Redis (vendor: Redis). Its CVSS v4.0 base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS ranking places it at the 39.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-62507 is a stack buffer overflow vulnerability in Redis, an open source in-memory database that persists on disk. The issue affects versions 8.2.0 and above, where a user can execute the XACKDEL command with multiple IDs to trigger the overflow, potentially leading to remote code execution. It is associated with CWE-20 (Improper Input Validation), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write), and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An authenticated attacker with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity and no user interaction required. By sending a specially crafted XACKDEL command containing multiple IDs, the attacker triggers the stack buffer overflow, potentially achieving remote code execution on the redis-server, resulting in high impacts to confidentiality, integrity, and availability.

The vulnerability is fixed in Redis version 8.2.3, as detailed in the official release notes and the associated GitHub security advisory (GHSA-jhjx-x4cf-4vm8). A workaround without patching involves using Redis ACL rules to restrict execution of the XACKDEL command by users. The fixing commit is available at https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741.

Vulnerability details

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution.

This issue is fixed in version 8.2.3. To work around this issue without patching the redis-server executable, prevent users from executing the XACKDEL operation. This can be done using ACL to restrict the XACKDEL command.
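The ACL workaround above is only effective for users whose rule list actually ends up denying XACKDEL, because Redis applies command rules left to right and the last matching rule wins. The following Python script is an added example (it is not code from this page or from the Redis project) that replays `ACL LIST` output to find enabled users who can still run XACKDEL and emits the `ACL SETUSER <user> -xackdel` commands that close the gap. It assumes the `ACL LIST` line format `user <name> <token> ...`, assumes XACKDEL carries the @write, @stream and @fast categories (confirm with `COMMAND INFO XACKDEL`), and uses a constructed subset of the command table and constructed sample users with `#<sha256>` standing in for real password hashes.

```python
"""Audit Redis ACL users that can still run XACKDEL and emit the rule that
closes the CVE-2025-62507 workaround gap.

Added example, not Redis project code. Assumptions:
  * `ACL LIST` prints one line per user: "user <name> <token> <token> ...",
    with command rules applied left to right (last matching rule wins);
  * XACKDEL carries the @write, @stream and @fast categories (assumption;
    confirm with `COMMAND INFO XACKDEL` on the real server);
  * COMMAND_CATEGORIES is a constructed subset of the Redis command table,
    enough for the constructed sample lines, not the full table.
"""

# Constructed subset of the Redis command table: command -> ACL categories.
COMMAND_CATEGORIES = {
    "xackdel": {"write", "stream", "fast"},  # assumption, see docstring
    "xack": {"write", "stream", "fast"},
    "xadd": {"write", "stream", "fast"},
    "xread": {"read", "stream", "slow", "blocking"},
    "get": {"read", "string", "fast"},
    "set": {"write", "string", "slow"},
}

# Constructed `ACL LIST` output; "#<sha256>" stands in for a real password hash.
SAMPLE_ACL_LIST = [
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #<sha256> ~app:* &* -@all +@read +@stream",
    "user consumer on #<sha256> ~events:* &* +@all -xackdel",
    "user readonly on #<sha256> ~* &* -@all +@read",
    "user legacy off nopass ~* &* +@all",
]


def commands_in_category(category):
    """All commands in the (constructed) table carrying the given ACL category."""
    return {cmd for cmd, cats in COMMAND_CATEGORIES.items() if category in cats}


def allowed_commands(tokens):
    """Replay command rules in order and return the set of permitted commands.

    Tokens that are not command rules (on/off, passwords, ~key and &channel
    patterns, sanitize flags) are ignored here; `reset` clears everything.
    """
    allowed = set()
    for tok in tokens:
        low = tok.lower()
        if low in ("allcommands", "+@all"):
            allowed = set(COMMAND_CATEGORIES)
        elif low in ("nocommands", "-@all", "reset"):
            allowed = set()
        elif low.startswith("+@"):
            allowed |= commands_in_category(low[2:])
        elif low.startswith("-@"):
            allowed -= commands_in_category(low[2:])
        elif low[0] in "+-" and "|" not in low:
            # "+cmd|sub" only touches a subcommand and is left alone here;
            # a bare "+cmd" / "-cmd" grants or revokes the whole command.
            if low[0] == "+":
                allowed.add(low[1:])
            else:
                allowed.discard(low[1:])
    return allowed


def parse_acl_list(lines):
    """Map user name -> (enabled, rule tokens) from `ACL LIST` output lines."""
    users = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0] != "user":
            continue
        tokens = parts[2:]
        enabled = True
        for tok in tokens:  # "on"/"off" may both appear; the last one wins
            if tok == "on":
                enabled = True
            elif tok == "off":
                enabled = False
        users[parts[1]] = (enabled, tokens)
    return users


def users_exposed_to(command, lines):
    """Enabled users whose rules permit `command`, sorted for stable output."""
    return sorted(
        name
        for name, (enabled, tokens) in parse_acl_list(lines).items()
        if enabled and command in allowed_commands(tokens)
    )


def remediation_commands(lines, command="xackdel"):
    """redis-cli commands that revoke `command` for every exposed user.

    ACL SETUSER appends rules to the existing user and the last rule wins, so
    "-xackdel" takes effect regardless of an earlier +@all or +@stream.
    """
    return [f"ACL SETUSER {name} -{command}" for name in users_exposed_to(command, lines)]


def hardened_tokens(tokens, command="xackdel"):
    """Rule list with `-command` appended only when the rules still permit it."""
    if command in allowed_commands(tokens):
        return list(tokens) + [f"-{command}"]
    return list(tokens)


if __name__ == "__main__":
    for cmd in remediation_commands(SAMPLE_ACL_LIST):
        print(cmd)
```

In practice the input lines come from `redis-cli ACL LIST`; after applying the generated `ACL SETUSER` commands, persist them with `ACL SAVE` when an `aclfile` is configured, or `CONFIG REWRITE` when users are defined in redis.conf. The `consumer` sample shows the intended end state (`+@all -xackdel`), while `app` shows how a seemingly narrow `-@all +@read +@stream` grant still includes XACKDEL via the @stream category. The ACL rule limits who can reach the vulnerable code path; upgrading to 8.2.3 remains the fix.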

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
- T1210 Exploitation of Remote Services (tactic: Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

The stack buffer overflow in Redis allows authenticated low-privilege remote attackers to achieve RCE on the redis-server process, directly facilitating Exploitation for Privilege Escalation (T1068) and Exploitation of Remote Services (T1210).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2025-46817 (same product: Redis)
- CVE-2026-25243 (same product: Redis)
- CVE-2026-23479 (same product: Redis)
- CVE-2026-23631 (same product: Redis)
- CVE-2025-49844 (same product: Redis)
- CVE-2024-46981 (same product: Redis)
- CVE-2025-44014 (shared CWE-787)
- CVE-2026-31432 (shared CWE-787)
- CVE-2026-3823 (shared CWE-121, CWE-787)
- CVE-2026-4747 (shared CWE-121)

Affected Assets

Vendor: redis
Product: redis
Versions: 8.2.0 to 8.2.3 (fixed in 8.2.3)

Mitigating Controls

NIST 800-53 r5 controls, each of type "prevent":

- Flaw remediation: directly mitigates the stack buffer overflow by requiring timely application of the official patch in Redis version 8.2.3.
- AC-6 (Least Privilege): enforces least privilege using Redis ACL to restrict execution of the vulnerable XACKDEL command, preventing exploitation by low-privilege authenticated users as per the recommended workaround.
- SI-10 (Information Input Validation): addresses the root cause of improper input validation (CWE-20) by validating the number and format of IDs in XACKDEL commands to prevent stack buffer overflow.
