PT-2025-23146 · Redis+7
Simcha Kosman · Published 2025-05-29 · Updated 2025-11-28 · CVE-2025-27151
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Redis versions 7.0.0 through 8.0.2
Description
Redis is an open source, in-memory database that persists on disk. A stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. The issue has been patched in version 8.0.2.
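As an added illustration, not code from the Redis source or from the advisory, the unchecked memcpy/strlen shape described above is shown beside a bounded version; the buffer name, its size and the sample paths are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Constructed illustration of the bug class in the description: a caller-supplied
 * file path copied into a fixed-size stack buffer with memcpy() and strlen(), with
 * no check that it fits. The buffer name and size are hypothetical, not taken from
 * the Redis source. */
#define PATH_BUF_SIZE 64

/* Vulnerable shape. strlen(filepath) is trusted as the copy length, so any path of
 * PATH_BUF_SIZE bytes or more writes past the end of buf (the terminator write is
 * out of bounds as well). Kept only for comparison; nothing below calls it. */
void copy_path_unchecked(const char *filepath) {
    char buf[PATH_BUF_SIZE];
    size_t len = strlen(filepath);
    memcpy(buf, filepath, len);   /* no comparison of len against sizeof buf */
    buf[len] = '\0';
    (void)buf;
}

/* Hardened shape: bound the copy by the destination size, leaving room for the
 * terminator. Returns 0 on success or -1 if the path is rejected as too long. */
int copy_path_checked(char *dst, size_t dstsz, const char *filepath) {
    size_t len = strlen(filepath);
    if (dstsz == 0 || len >= dstsz)
        return -1;
    memcpy(dst, filepath, len);
    dst[len] = '\0';
    return 0;
}

/* Same fixed-size stack buffer as the vulnerable shape, but guarded. Returns the
 * length of the accepted path, or -1 when the path would not have fit. */
int check_aof_path(const char *filepath) {
    char buf[PATH_BUF_SIZE];
    if (copy_path_checked(buf, sizeof buf, filepath) != 0)
        return -1;
    return (int)strlen(buf);
}

/* Constructed sample inputs: one that fits and one longer than the buffer. */
const char SAMPLE_OK_PATH[]   = "/var/lib/redis/appendonly.aof";
const char SAMPLE_LONG_PATH[] =
    "/var/lib/redis/appendonlydir/appendonly.aof.1.incr.aof.with.a.very.long.suffix";
```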
Recommendations
For versions 7.0.0 through 8.0.2, update to version 8.0.2 to resolve the issue.
As a temporary workaround, consider disabling the redis-check-aof function until a patch is available.
Restrict access to the vulnerable redis-check-aof module to minimize the risk of exploitation.
Avoid using the filepath variable in the affected redis-check-aof function until the issue is resolved.
Exploit
Fix
RCE
DoS
Stack Overflow
Affected Products
Alt Linux
AlmaLinux
Debian
Red Hat
RED OS
Redis
Rocky Linux
SUSE