AI description
CVE-2025-32023 is a vulnerability affecting Redis, an open-source, in-memory database. It stems from a stack/heap out-of-bounds write within hyperloglog operations. An authenticated user can exploit this vulnerability by using a specially crafted string, potentially leading to remote code execution. The vulnerability affects Redis versions from 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19. The issue is addressed in versions 8.0.3, 7.4.5, 7.2.10, and 6.2.19. As a workaround, users can restrict the execution of hyperloglog operations using ACL to mitigate the risk without patching.
- Description: Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: redis
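The ACL workaround in the description only helps if no enabled user can still reach the HLL commands. The following added example (not Redis project code) audits the output of `ACL LIST` for that condition; the command-to-category table is assumed from the Redis 7.x command reference and the sample ACL lines are constructed.

```python
"""Audit Redis ACL LIST output for users who can still run HyperLogLog commands."""
# HLL commands and the ACL categories each belongs to (assumed from the
# Redis 7.x command reference; every command is also in @all).
HLL_COMMANDS = {
    "pfadd": {"@all", "@write", "@hyperloglog", "@fast"},
    "pfcount": {"@all", "@read", "@hyperloglog", "@slow"},
    "pfmerge": {"@all", "@write", "@hyperloglog", "@slow"},
    "pfdebug": {"@all", "@write", "@hyperloglog", "@admin", "@slow", "@dangerous"},
    "pfselftest": {"@all", "@hyperloglog", "@admin", "@slow", "@dangerous"},
}

def allowed_hll_commands(rules):
    """Apply command rules in order (later rules win, as Redis does); return HLL commands still allowed."""
    allowed = set()
    for rule in rules:
        rule = {"allcommands": "+@all", "nocommands": "-@all"}.get(rule, rule)
        if rule[0] not in "+-" or len(rule) < 2:
            continue  # key patterns (~), channels (&), passwords (>, #), on/off
        grant, target = rule[0] == "+", rule[1:].lower()
        if target.startswith("@"):  # category rule
            hit = {c for c, cats in HLL_COMMANDS.items() if target in cats}
        else:  # single-command rule such as "+pfadd" (drop any "|subcommand")
            hit = {target.split("|")[0]} & set(HLL_COMMANDS)
        allowed = allowed | hit if grant else allowed - hit
    return allowed

def audit_acl_list(acl_list_output):
    """Return {user: [hll commands]} for enabled users who can still run one; empty dict = workaround holds."""
    findings = {}
    for line in acl_list_output.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "user":
            continue
        name, rules = tokens[1], tokens[2:]
        if "off" in rules:
            continue  # disabled user: cannot authenticate at all
        reach = allowed_hll_commands(rules)
        if reach:
            findings[name] = sorted(reach)
    return findings

# Constructed sample ACL LIST output (not captured from a real server).
SAMPLE_ACL_LIST = """\
user default on nopass sanitize-payload ~* &* +@all
user app on #c0ffee ~app:* &* +@all -@hyperloglog
user reporting on #d00d ~* &* -@all +@read
user legacy off nopass ~* &* +@all
"""
```

On the sample, `default` (full `+@all`) and `reporting` (`+@read` re-grants PFCOUNT) are flagged, while `app` is clean and the disabled `legacy` user is ignored.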
CVSS 3.1
- Type: Primary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security-advisories@github.com: CWE-680
- Hype score: Not currently trending
🚨 Critical Redis patch for #openSUSE Leap 15.6! CVE-2025-32023: Remote Code Execution via HyperLogLog CVE-2025-48367: Denial-of-Service attack vector Read more: 👉https://t.co/9q90tQw0I4 #Security https://t.co/lyH2yKtqea
@Cezar_H_Linux
4 Sept 2025
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 Critical #Valkey Security Update! Patch immediately if using @openSUSE Leap 15.6 or @SUSELinuxEnterprise 15 SP6. ⚠️ CVE-2025-32023 (RCE - CVSS 8.8) - HyperLogLog exploit. ⚠️ CVE-2025-48367 (DoS) - Unauthenticated starvation. Read more: 👉 https://t.co/sOKkHyOQnK ht
@Cezar_H_Linux
2 Aug 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Warning: Two high severity vulnerabilities in @DahuaHQ smart cameras. CVE-2025-48367 and CVE-2025-32023 CVSS: 8.1. These buffer overflows can lead to a #DoS and, depending on the configuration, an #RCE! More info: https://t.co/8XN7t0oASS #Patch #Patch #Patch
@CCBalert
1 Aug 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#exploit #Vulnerability 1⃣ CVE-2025-4660: Windows Forescout SecureConnector RCE - https://t.co/sBpR2H4bWw 2⃣ CVE-2025-48384: Breaking git with a carriage return and cloning RCE - https://t.co/M9orG7oh1E 3⃣ CVE-2025-32023: RCE in Redis >= 2.8 - https://t.co/X2APbKJpe
@ksg93rd
24 Jul 2025
107 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
"Critical RCE Vulnerability in Redis HyperLogLog (CVE-2025-32023)" by Sharon #DEVCommunity #RCE #vulnerability #cybersecurity https://t.co/uMFRtaPj5o
@Sharon18866
9 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Vulnerability reproduction] Reproducing the Redis hyperloglog remote code execution vulnerability (CVE-2025-32023) in three commands https://t.co/OYkq0oYJXE https://t.co/TDkj3XzdQL
@cybersecuritysl
9 Jul 2025
3696 Impressions
12 Retweets
43 Likes
24 Bookmarks
0 Replies
0 Quotes
🚨 @Redisinc addresses CVE-2025-32023, CVE-2025-48367. Two HIGH severity flaws (CVSS 7.0-7.5) affecting thousands of companies worldwide. 🧵👇 https://t.co/0q4iY4Xh5B
@gothburz
7 Jul 2025
190 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
(CVE-2025-32023)[redis]Stack/heap OOBW in hyperloglog commands -> RCE https://t.co/bOPRCbqgoF Zerodeo: https://t.co/kGsfQj8tue PoC & Exploit: https://t.co/r1BU7GZc1X Reported by Seunghyun Lee (@0x10n), as part of PlaidCTF 2025
@xvonfers
7 Jul 2025
3233 Impressions
18 Retweets
54 Likes
25 Bookmarks
0 Replies
0 Quotes
CVE-2025-32023 Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially craf… https://t.co/6GsbnvQ47e
@CVEnew
7 Jul 2025
437 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CTFer ethics] Remote code execution vulnerability in Redis. CVE-2025-32023 is an out-of-bounds write with a CVSS score of 7.0. A PoC exists. It was set as a real zero-day, as a brutal challenge, in PlaidCTF 2025 by Carnegie Mellon's PPP. https://t.co/KmFVqPqYmb h
@__kokumoto
7 Jul 2025
5215 Impressions
13 Retweets
72 Likes
28 Bookmarks
1 Reply
1 Quote
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2D30200-61C0-442C-B01C-3F8205D0D89E",
            "versionEndExcluding": "6.2.19",
            "versionStartIncluding": "2.8.0"
          },
          {
            "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC6911F1-DD64-4675-B57B-CCBF11A7786C",
            "versionEndExcluding": "7.2.10",
            "versionStartIncluding": "7.2.0"
          },
          {
            "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4454F0DA-CF1E-4CDA-95F7-8D38AF09A321",
            "versionEndExcluding": "7.4.5",
            "versionStartIncluding": "7.4.0"
          },
          {
            "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "950B5CD3-9E19-4DBA-8475-773C88193A71",
            "versionEndExcluding": "8.0.3",
            "versionStartIncluding": "8.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]