{"id":"CVE-2025-62507","summary":"Redis: Bug in XACKDEL may lead to stack overflow and potential RCE","details":"Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.","aliases":["BIT-keydb-2025-62507","BIT-redis-2025-62507","GHSA-jhjx-x4cf-4vm8"],"modified":"2026-04-02T12:57:48.634781Z","published":"2025-11-04T21:24:44.802Z","related":["openSUSE-SU-2025:15698-1","openSUSE-SU-2025:20121-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62507.json","cwe_ids":["CWE-121","CWE-20"]},"references":[{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/8.2.3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62507.json"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62507"},{"type":"FIX","url":"https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"4fa8bf356b4bf0f1ce345286a4f02d022a4badcb"},{"fixed":"ceb01e1584d6fd847cccf4e3aca2100d2097c321"}]}],"versions":["8.2.0","8.2.1","8.2.1-int","8.2.2","8.2.2-int"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62507.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}