PT-2025-44989 · Redis+1

Published: 2025-11-02 · Updated: 2026-03-10 · CVE-2025-62507

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Redis versions 8.2.0 through 8.2.2

Description
Redis, an open-source, in-memory database, contains a stack buffer overflow in the XACKDEL command when it handles multiple IDs. The overflow is triggered when a user executes XACKDEL with multiple IDs; the command takes id as the vulnerable parameter. Successful exploitation may allow a remote attacker to execute arbitrary code, and the issue is exploitable with a simple, single-command exploit. The /api/v1/xackdel endpoint is potentially affected. Reports indicate over 3,200 servers are fully exposed and approximately 180,000 servers are potentially exposed.

Recommendations
Redis versions 8.2.0 through 8.2.2 are vulnerable. Update to Redis version 8.2.3 or later. As a temporary workaround, restrict access to the XACKDEL command using Access Control Lists (ACLs).
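
The version check and ACL workaround above, as an added example that is not part of the advisory: a POSIX shell script that reads saved output of redis-cli INFO server and redis-cli ACL LIST, flags the 8.2.0 through 8.2.2 range, and prints the ACL SETUSER lines that remove XACKDEL from each user. The function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory): triage for CVE-2025-62507.
# Input is saved, non-interactive output of `redis-cli INFO server` and
# `redis-cli ACL LIST`; the sample text below is constructed.

# Read INFO text on stdin and print the redis_version value.
parse_version() {
  tr -d '\r' | sed -n 's/^redis_version:\(.*\)$/\1/p' | head -n 1
}

# Succeed only for the affected range stated on the page: 8.2.0 through 8.2.2.
is_affected() {
  case "$1" in
    8.2.0|8.2.1|8.2.2) return 0 ;;
    *) return 1 ;;
  esac
}

# Read ACL LIST text on stdin and print one ACL SETUSER line per user.
# ACL rules apply left to right, so an appended -xackdel overrides an
# earlier +@all or +@stream grant.
acl_workaround() {
  tr -d '\r' | awk '$1 == "user" { print "ACL SETUSER " $2 " -xackdel" }'
}

# triage INFO_TEXT ACL_TEXT: print a verdict and, if affected, the commands.
triage() {
  ver=$(printf '%s\n' "$1" | parse_version)
  if is_affected "$ver"; then
    echo "AFFECTED ($ver): update to 8.2.3 or later; interim ACL commands:"
    printf '%s\n' "$2" | acl_workaround
    echo "# then persist: ACL SAVE (with aclfile) or CONFIG REWRITE"
  else
    echo "Not in the affected range: ${ver:-version not found}"
  fi
}

# Constructed sample input.
SAMPLE_INFO='# Server
redis_version:8.2.1
redis_mode:standalone'
SAMPLE_ACL='user default on nopass sanitize-payload ~* &* +@all
user worker on sanitize-payload #<sha256-placeholder> ~jobs:* resetchannels -@all +@stream'

triage "$SAMPLE_INFO" "$SAMPLE_ACL"
```

Review the printed commands before applying them; removing XACKDEL breaks any client that relies on it until the server is updated.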

Exploit · Fix · DoS · RCE · Memory Corruption · Stack Overflow


Weakness Enumeration

Related Identifiers

BDU:2025-15613
BIT-KEYDB-2025-62507
BIT-REDIS-2025-62507
CVE-2025-62507
GHSA-JHJX-X4CF-4VM8
OPENSUSE-SU-2025:15698-1
OPENSUSE-SU-2025:20121-1

Affected Products

Red Os
Redis