{"id":"CVE-2025-32023","summary":"Redis allows out of bounds writes in hyperloglog commands leading to RCE","details":"Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.","aliases":["BIT-keydb-2025-32023","BIT-redis-2025-32023","BIT-valkey-2025-32023","GHSA-rp2m-q4j6-gr43"],"modified":"2026-04-30T10:07:36.875103Z","published":"2025-07-07T15:22:19.155Z","related":["ALSA-2025:11401","ALSA-2025:12006","ALSA-2025:12008","CGA-rqqq-hg2w-j7xj","SUSE-SU-2025:02579-1","SUSE-SU-2025:02593-1","SUSE-SU-2025:02594-1","SUSE-SU-2025:02679-1","SUSE-SU-2025:02680-1","SUSE-SU-2025:02681-1","SUSE-SU-2025:03073-1","openSUSE-SU-2025:15318-1","openSUSE-SU-2025:15359-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"8.0.0"},{"fixed":"8.0.3"},{"introduced":"7.4-rc1"},{"fixed":"7.4.5"},{"introduced":"7.0.0"},{"fixed":"7.2.10"},{"introduced":"2.8.0"},{"fixed":"6.2.19"}],"source":"AFFECTED_FIELD"},{"extracted_events":[{"fixed":"8.0.3"}],"source":"DESCRIPTION"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32023.json","cwe_ids":["CWE-680"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/6.2.19"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/7.2.10"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/7.4.5"},{"type":"WEB","url":"https://
github.com/redis/redis/releases/tag/8.0.3"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/52477"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32023.json"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32023"},{"type":"FIX","url":"https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"4e6d34bd2ccd8998335baefb6be08e1704a839d2"},{"fixed":"fa00bd2fff1533ad6e8483d9ce8868f383df2fbb"},{"introduced":"29622276ecd7b74312798e6772744858a8a6f9bf"},{"fixed":"5a752e19782b9f8f80c7ef85e21cb47647954f09"},{"introduced":"c9d29f6a918c335bc1778d9f68e521c1bbb36a0f"},{"fixed":"7e0f53393290f7c1f35596117b67748efad16580"},{"introduced":"e91a340e241cf0abe3c6a0c254214fbe4aa1d95f"},{"fixed":"b49d5c0cf4e96a277d4b4e98f61d10c792b37003"},{"fixed":"50188747cbfe43528d2719399a2a3c9599169445"}],"database_specific":{"versions":[{"introduced":"2.8.0"},{"fixed":"6.2.19"},{"introduced":"7.2.0"},{"fixed":"7.2.10"},{"introduced":"7.4.0"},{"fixed":"7.4.5"},{"introduced":"8.0.0"},{"fixed":"8.0.3"}]}}],"versions":["7.2.0","7.2.1","7.2.2","7.2.3","7.2.4","7.2.5","7.2.6","7.2.7","7.2.8","7.2.9","7.4.0","7.4.1","7.4.2","7.4.3","7.4.4","8.0.0","8.0.1","8.0.1-int","8.0.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-32023.json","vanir_signatures":[{"digest":{"length":908,"function_hash":"129779998429974651354293642127150162902"},"deprecated":false,"target":{"function":"hllSparseToDense","file":"src/hyperloglog.c"},"source":"https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445","signature_version":"v1","signature_type":"Function","id":"CVE-2025-32023-0cbdcc49"},{"digest":{"length":733,"function_hash":"13110939117011
304517004443570365877133"},"deprecated":false,"target":{"function":"hllMerge","file":"src/hyperloglog.c"},"source":"https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445","signature_version":"v1","signature_type":"Function","id":"CVE-2025-32023-3597acc4"},{"digest":{"threshold":0.9,"line_hashes":[]},"deprecated":false,"target":{"file":"src/hyperloglog.c"},"source":"https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445","signature_version":"v1","signature_type":"Line","id":"CVE-2025-32023-6cf8c740"},{"digest":{"length":534,"function_hash":"35977819258405606129938402535985569600"},"deprecated":false,"target":{"function":"hllSparseRegHisto","file":"src/hyperloglog.c"},"source":"https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445","signature_version":"v1","signature_type":"Function","id":"CVE-2025-32023-e1d8af32"}],"vanir_signatures_modified":"2026-04-30T10:07:36Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}