๐Ÿ” CVE Alert

CVE-2025-62507

UNKNOWN 0.0

Redis: Bug in XACKDEL may lead to stack overflow and potential RCE

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To work around this issue without patching the redis-server executable, prevent users from executing the XACKDEL operation. This can be done by using ACLs to restrict the XACKDEL command.

CWE: CWE-20, CWE-121
Vendor: redis
Product: redis
Ecosystems
Industries
Technology
Published: Nov 4, 2025
Last Updated: Feb 26, 2026

Affected Versions

redis / redis
>= 8.2.0, < 8.2.3

References

https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8
https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741
https://github.com/redis/redis/releases/tag/8.2.3