CVE-2025-32023
BaseFortify
Publication date: 2025-07-07
Last updated on: 2026-02-04
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redis | redis | From 7.0.0 (inc) to 7.2.9 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-680 | The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-32023 is a vulnerability in Redis, an open source in-memory database, affecting versions from 2.8 up to the releases in which it was patched. It involves a flaw in the handling of HyperLogLog (HLL) commands, where an authenticated user can provide a specially crafted string that triggers a stack or heap out-of-bounds write during HLL operations. This memory corruption can potentially lead to remote code execution. The root cause is improper bounds checking when processing sparse-encoded HLL data structures, allowing buffer overflows. The vulnerability is fixed by adding rigorous bounds checks and validation to prevent out-of-bounds writes and by rejecting invalid sparse HLL data. [4, 5]
How can this vulnerability impact me?
This vulnerability can have severe impacts including remote code execution by an authenticated user, which means an attacker with limited privileges could execute arbitrary code on the Redis server. This can lead to full compromise of the server, data corruption, data loss, or denial of service. The CVSS score indicates high impact on confidentiality, integrity, and availability, meaning sensitive data could be exposed or altered, and service could be disrupted. [4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for the use of HyperLogLog (HLL) commands in Redis by authenticated users, especially if suspicious or malformed HLL commands are observed. Since the vulnerability involves specially crafted strings triggering out-of-bounds writes in HLL operations, you can check Redis logs for unusual errors or crashes related to HLL commands such as PFADD, PFCOUNT, or PFDEBUG. Additionally, testing with Redis commands like `pfcount` or `pfdebug getreg` on suspicious HLL data may reveal errors indicating corrupted or malicious payloads. There are no specific detection commands provided, but restricting or auditing HLL command usage via ACLs can help identify attempts to exploit this vulnerability. [4, 5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Redis to a fixed version: 8.0.3, 7.4.5, 7.2.10, or 6.2.19, where the vulnerability is patched. If upgrading is not immediately possible, administrators should restrict or disable HyperLogLog commands using Access Control Lists (ACLs) to prevent users from executing HLL operations, thereby mitigating exploitation risk. This workaround prevents the execution of the vulnerable code paths until a patch can be applied. [4]
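A shell script that puts the detection and mitigation answers above into practice (an added example, not code from BaseFortify or the Redis project): it compares a server version with the fixed releases named above, counts HLL commands in a captured MONITOR log, and prints the ACL rule that denies the `@hyperloglog` category. It assumes plain major.minor.patch version strings, that a branch without a listed fix still needs an upgrade, and that the `@hyperloglog` ACL category (Redis 6.0+) covers the PF* commands.

```shell
#!/bin/sh
# Added example (not from the BaseFortify page or the Redis project). It turns the
# page's advice into checks: compare a Redis version with the fixed releases the
# advisory lists, count HyperLogLog commands in captured MONITOR output, and print
# the ACL rule that denies the HLL command category until the upgrade is done.
# Assumptions: versions are plain "major.minor.patch"; a branch with no listed fix
# (e.g. 7.0.x) is treated as needing an upgrade; @hyperloglog is the Redis ACL
# category that covers PFADD/PFCOUNT/PFMERGE/PFDEBUG (it exists in Redis 6.0+).

FIXED_VERSIONS="8.0.3 7.4.5 7.2.10 6.2.19"   # from the advisory text above

# Returns 0 if $1 is at or above the fixed release of its major.minor branch, else 1.
redis_is_fixed() {
  ver=$1; major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}; patch=${rest#*.}
  for f in $FIXED_VERSIONS; do
    fmajor=${f%%.*}; frest=${f#*.}; fminor=${frest%%.*}; fpatch=${frest#*.}
    if [ "$major" = "$fmajor" ] && [ "$minor" = "$fminor" ]; then
      [ "$patch" -ge "$fpatch" ] && return 0
      return 1
    fi
  done
  return 1   # no fixed release in this branch: still vulnerable
}

# Count HLL command invocations in a file of MONITOR lines (format:
# '<ts> [<db> <addr>] "CMD" "args"...'). Shows who relies on HLL before the
# ACL workaround is applied; prints 0 when there are none.
count_hll_commands() {
  grep -ciE '\] "(PFADD|PFCOUNT|PFMERGE|PFDEBUG|PFSELFTEST)"' "$1" || true
}

# The workaround from the advisory: keep the user's other permissions, deny HLL.
hll_acl_rule() {
  printf 'ACL SETUSER %s -@hyperloglog\n' "$1"
}

# Demo on constructed data (no live server needed).
sample=$(mktemp)
cat >"$sample" <<'EOF'
1752000000.000001 [0 10.0.0.5:51000] "PFADD" "visitors" "alice"
1752000000.000002 [0 10.0.0.5:51000] "GET" "session:alice"
1752000000.000003 [0 10.0.0.9:51002] "PFCOUNT" "visitors"
EOF
for v in 7.2.9 7.2.10 7.0.15 8.0.3; do
  if redis_is_fixed "$v"; then echo "$v: fixed"; else echo "$v: vulnerable, apply:"; hll_acl_rule appuser; fi
done
echo "HLL commands in sample MONITOR capture: $(count_hll_commands "$sample")"
rm -f "$sample"
```

Persist the ACL change with `ACL SAVE` (or in the aclfile) so it survives a restart, and capture MONITOR output only briefly, since it costs server throughput.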