CVE-2026-25589
Analyzed Analyzed - Analysis Complete
Remote Code Execution in RedisBloom Module

Publication date: 2026-05-05

Last updated on: 2026-05-07

Assigner: GitHub, Inc.

Description
RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the RedisBloom module loaded can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This issue is fixed in version 2.8.20.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25589
EUVD
EUVD-2026-27414
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
redisbloom redisbloom to 2.8.20 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25589 is a high-severity vulnerability in the RedisBloom module, which is used with Redis. The issue arises because RedisBloom does not properly validate serialized values processed through the Redis RESTORE command in versions before 2.8.20.

An authenticated attacker who has permission to execute the RESTORE command can supply a specially crafted serialized payload that triggers invalid memory access. This can lead to remote code execution on the affected system.

The root cause is insufficient validation of input data, which can cause unsafe memory operations such as heap-based buffer overflows.

Impact Analysis

Exploitation of this vulnerability can have severe impacts including full system compromise, data exfiltration, and service disruption.

  • Remote code execution allowing attackers to run arbitrary code on the server.
  • Potential loss of confidentiality due to unauthorized data access.
  • Integrity and availability of the system can be compromised, leading to service outages or corrupted data.
Detection Guidance

Detection of this vulnerability involves verifying if the RedisBloom module is loaded on your Redis server and if the RESTORE command is accessible to authenticated users.

You can check if RedisBloom is loaded by running the Redis command:

  • MODULE LIST

To check if the RESTORE command is accessible, you can test permissions or review ACL rules with:

  • ACL LIST

Additionally, monitoring logs for unusual or unauthorized RESTORE command usage may help detect exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting access to the RESTORE command using Redis ACL rules to prevent unauthorized or untrusted users from executing it.

Applying the security patch by upgrading RedisBloom to version 2.8.20 or later will fix the vulnerability.

If upgrading immediately is not possible, ensure that only trusted authenticated users have permission to use the RESTORE command.

Compliance Impact

The vulnerability in RedisBloom allows an authenticated attacker to execute remote code, potentially leading to full system compromise, data exfiltration, or service disruption.

Such impacts on confidentiality, integrity, and availability of data could affect compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

Mitigation involves patching the module or restricting access to the RESTORE command, which is necessary to maintain compliance by preventing unauthorized access or data breaches.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25589. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart