CVE-2026-25589
Remote Code Execution in RedisBloom Module
Publication date: 2026-05-05
Last updated on: 2026-05-05
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redis | redisbloom | up to 2.8.20 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25589 is a high-severity vulnerability in the RedisBloom module, which is used with Redis. The issue arises because RedisBloom does not properly validate serialized values processed through the Redis RESTORE command in versions before 2.8.20.
An authenticated attacker who has permission to execute the RESTORE command can supply a specially crafted serialized payload that triggers invalid memory access. This can lead to remote code execution on the affected system.
The root cause is insufficient validation of input data, which can cause unsafe memory operations such as heap-based buffer overflows.
How can this vulnerability impact me?
Exploitation of this vulnerability can have severe impacts including full system compromise, data exfiltration, and service disruption.
- Remote code execution allowing attackers to run arbitrary code on the server.
- Potential loss of confidentiality due to unauthorized data access.
- Integrity and availability of the system can be compromised, leading to service outages or corrupted data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves verifying whether the RedisBloom module is loaded on your Redis server (and at which version), and whether the RESTORE command is reachable by authenticated users.
You can check whether RedisBloom is loaded, and read its version, by running the Redis command:
- MODULE LIST
To check which users may run RESTORE, review the ACL rules of each user with:
- ACL LIST
Additionally, monitoring logs for unusual or unauthorized RESTORE command usage may help detect exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the RESTORE command using Redis ACL rules to prevent unauthorized or untrusted users from executing it.
Applying the security patch by upgrading RedisBloom to version 2.8.20 or later will fix the vulnerability.
If upgrading immediately is not possible, ensure that only trusted authenticated users have permission to use the RESTORE command.
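The two checks above (module version from MODULE LIST, RESTORE reachability from ACL LIST) can be scripted against captured redis-cli output. The following is an added triage helper, not code from the advisory or from the RedisBloom project; the sample outputs are constructed, and the version encoding (major*10000 + minor*100 + patch, so 2.8.20 is 20820) and the ACL categories that contain RESTORE are assumptions to confirm against your own build.

```python
"""Offline triage for CVE-2026-25589: parse captured `redis-cli MODULE LIST`
and `ACL LIST` output, flag a RedisBloom ('bf') build older than 2.8.20 and
list ACL users whose rules let them run RESTORE. Added example, not advisory code."""
import re

FIXED_VERSION = 20820  # assumed encoding of RedisBloom 2.8.20 (major*10000+minor*100+patch)
# ACL categories that include RESTORE (assumption based on Redis 7 command metadata)
RESTORE_CATEGORIES = {"all", "write", "keyspace", "slow", "dangerous"}

# Constructed sample output of `redis-cli MODULE LIST` with an old RedisBloom loaded
MODULE_LIST = """1) 1) "name"
   2) "bf"
   3) "ver"
   4) (integer) 20818
   5) "path"
   6) "/opt/redis-stack/lib/redisbloom.so"
"""
# Constructed sample output of `redis-cli ACL LIST` (password hashes replaced by placeholders)
ACL_LIST = [
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #<sha256-placeholder> ~app:* &* -@all +@read +@write -restore",
    "user backup on #<sha256-placeholder> ~* &* -@all +restore",
]

def vulnerable_bloom_version(module_list: str):
    """Return the loaded 'bf' module version if it is below the fix, else None."""
    names = re.findall(r'"name"\s*\n\s*\d+\)\s*"([^"]+)"', module_list)
    vers = re.findall(r'"ver"\s*\n\s*\d+\)\s*\(integer\)\s*(\d+)', module_list)
    for name, ver in zip(names, vers):
        if name == "bf" and int(ver) < FIXED_VERSION:
            return int(ver)
    return None

def can_run_restore(acl_line: str) -> bool:
    """Evaluate one ACL LIST line left to right; later rules override earlier ones."""
    tokens = acl_line.split()
    if tokens[:1] != ["user"] or tokens[2:3] == ["off"]:
        return False                       # malformed line or disabled user
    allowed = False
    for tok in tokens[2:]:
        low = tok.lower()
        if low in ("allcommands", "+@all"):
            allowed = True
        elif low in ("nocommands", "-@all"):
            allowed = False
        elif low.startswith("+@") and low[2:] in RESTORE_CATEGORIES:
            allowed = True
        elif low.startswith("-@") and low[2:] in RESTORE_CATEGORIES:
            allowed = False
        elif low == "+restore":
            allowed = True
        elif low == "-restore":
            allowed = False
    return allowed

def restore_capable_users(acl_lines):
    """Names of users that can currently issue RESTORE."""
    return [line.split()[1] for line in acl_lines if can_run_restore(line)]

if __name__ == "__main__":
    print("old RedisBloom version:", vulnerable_bloom_version(MODULE_LIST))
    print("users able to RESTORE:", restore_capable_users(ACL_LIST))
```

Users reported by restore_capable_users are the ones whose rules should gain a "-restore" (or be narrowed to the categories they need) until RedisBloom is upgraded.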
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in RedisBloom allows an authenticated attacker to execute remote code, potentially leading to full system compromise, data exfiltration, or service disruption.
Such impacts on confidentiality, integrity, and availability of data could affect compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.
Mitigation involves patching the module or restricting access to the RESTORE command, which is necessary to maintain compliance by preventing unauthorized access or data breaches.