CVE-2025-62507
Public on 2025-11-04
Modified on 2025-11-05
Description
Bug in XACKDEL may lead to stack overflow and potential RCE
NOTE: https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8
NOTE: Introduced with: https://github.com/redis/redis/commit/fa040a72c0720d9b0a833117b086e5bbafa6ddc8 (8.2-rc1)
NOTE: Fixed by: https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741 (8.2.3)
Severity
CVSS v3 Base Score
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Redis6 Extra | redis | | | Not Affected |
| Amazon Linux 2023 | redis6 | | | Not Affected |
| Amazon Linux 2023 | valkey | | | Not Affected |
CVSS Scores
| | Score Type | Score | Vector |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H |