Description

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.

INFO

Published Date :

2025-07-07T15:22:19.155Z

Last Modified :

2026-02-04T19:26:46.239Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32023 vulnerability.

Vendors Products
Redis
  • Redis
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32023.

URL Resource
https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445 cve-icon cve-icon cve-icon
https://github.com/redis/redis/releases/tag/6.2.19 cve-icon cve-icon cve-icon
https://github.com/redis/redis/releases/tag/7.2.10 cve-icon cve-icon cve-icon
https://github.com/redis/redis/releases/tag/7.4.5 cve-icon cve-icon cve-icon
https://github.com/redis/redis/releases/tag/8.0.3 cve-icon cve-icon cve-icon
https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-32023 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-32023 cve-icon
https://www.exploit-db.com/exploits/52477 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact