Description

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

INFO

Published Date :

2025-05-29T09:07:34.779Z

Last Modified :

2025-05-29T13:43:09.725Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-27151 vulnerability.

Vendors Products
Redis
  • Redis
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27151.

URL Resource
https://github.com/redis/redis/commit/643b5db235cb82508e72f11c7b4bbfc7dc39be56 cve-icon cve-icon cve-icon
https://github.com/redis/redis/releases/tag/8.0.2 cve-icon cve-icon cve-icon
https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-27151 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-27151 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact