Vulnerability Report

CVE-2025-32023

RCE

Title: Redis Redis Memory Corruption

Memory Corruption

Proof Of Concept

PoC Available for CVE-2025-32023

CWE Category CWE-680

Published Date Jul 07, 2025

Modified Date Feb 04, 2026

Exploit Status Available

Score 7.0 CVSS v3.1

Exploit Probability (EPSS)

3.88%

Vulnerability Summary

CVE-2025-32023: Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.

Impacted Vendors

redislabs 1

anynines 1

redis 1

Reference Links

https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445 https://github.com/redis/redis/releases/tag/6.2.19 https://github.com/redis/redis/releases/tag/7.2.10 https://github.com/redis/redis/releases/tag/7.4.5 https://github.com/redis/redis/releases/tag/8.0.3 https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43

CVSS v3.1

Source Entity [email protected]

Severity HIGH

7.0

Attack Vector

LOCAL

Complexity

HIGH

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v3.1

Source Entity [email protected]

Severity HIGH

7.8

Attack Vector

LOCAL

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2025-32023 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/leesh3288/CVE-2025-32023

View Code

GitHub https://github.com/Ashwesker/Blackash-CVE-2025-32023

View Code

GitHub https://github.com/LordBheem/CVE-2025-32023

View Code

Exploit-DB https://www.exploit-db.com/exploits/52477

View Code

February 04, 2026 MODIFIED

Vulnerability data updated via NVD.

February 04, 2026 MODIFIED

Vulnerability data updated via NVD.

September 05, 2025 MODIFIED

Vulnerability data or affected products updated.

July 07, 2025 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector LOCAL

Complexity HIGH

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.