CVE-2026-25588
Analyzed Analyzed - Analysis Complete
Memory Corruption in RedisTimeSeries Module

Publication date: 2026-05-05

Last updated on: 2026-05-07

Assigner: GitHub, Inc.

Description
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the RedisTimeSeries module loaded can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This has been patched in version 1.12.14.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25588
EUVD
EUVD-2026-27413
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
redistimeseries redistimeseries to 1.12.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25588 is a high-severity vulnerability in the RedisTimeSeries module for Redis. It arises because the module does not properly validate serialized values processed through the RESTORE command. An authenticated attacker with permission to execute RESTORE can supply a specially crafted serialized payload that triggers invalid memory access, specifically a heap-based buffer overflow. This flaw can lead to remote code execution, allowing the attacker to run arbitrary code within the Redis server context.

Impact Analysis

Exploitation of this vulnerability can have serious impacts including compromise of the affected system. An attacker could execute arbitrary code remotely, potentially leading to unauthorized access, data exfiltration, disruption of services, or complete system takeover. The vulnerability affects confidentiality, integrity, and availability of the Redis server running the vulnerable RedisTimeSeries module.

Detection Guidance

Detection of this vulnerability involves verifying if the RedisTimeSeries module is loaded on your Redis server and if the RESTORE command is accessible to authenticated users.

You can check if the RedisTimeSeries module is loaded by running the following Redis command:

  • MODULE LIST

To check if the RESTORE command is accessible, you can review the ACL rules with:

  • ACL LIST

Additionally, monitoring logs for unusual or unauthorized RESTORE command usage may help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation involves restricting access to the RESTORE command using Redis ACL rules to prevent unauthorized or untrusted users from executing it.

Applying the security patch by upgrading RedisTimeSeries to version 1.12.14 or later is the recommended permanent fix.

If you are using Redis 8 or later, consider using the integrated time series data structure instead of the standalone RedisTimeSeries module.

Compliance Impact

The vulnerability in RedisTimeSeries allows an authenticated attacker to execute arbitrary code on the Redis server, potentially compromising the confidentiality, integrity, and availability of the system.

Such a compromise could lead to unauthorized access to sensitive data, data exfiltration, or disruption of services, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of personal and sensitive information.

Mitigating this vulnerability by restricting access to the RESTORE command with ACL rules or applying the patch in version 1.12.14 is important to maintain compliance and reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25588. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart