Redis is an open source, in-memory database that persists on disk. In versions from 2.8 up to, but not including, the fixed releases 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out-of-bounds write in hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions that implement hyperloglog operations. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. As a workaround that mitigates the problem without patching the redis-server executable, prevent users from executing hyperloglog operations; this can be done by using ACLs to restrict the HLL commands.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32023.json",
"cwe_ids": [
"CWE-680"
],
"cna_assigner": "GitHub_M"
}{
"versions": [
{
"introduced": "2.8.0"
},
{
"fixed": "6.2.19"
},
{
"introduced": "7.2.0"
},
{
"fixed": "7.2.10"
},
{
"introduced": "7.4.0"
},
{
"fixed": "7.4.5"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.3"
}
]
}[
{
"source": "https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445",
"target": {
"function": "hllSparseToDense",
"file": "src/hyperloglog.c"
},
"deprecated": false,
"digest": {
"length": 908.0,
"function_hash": "129779998429974651354293642127150162902"
},
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2025-32023-0cbdcc49"
},
{
"source": "https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445",
"target": {
"function": "hllMerge",
"file": "src/hyperloglog.c"
},
"deprecated": false,
"digest": {
"length": 733.0,
"function_hash": "13110939117011304517004443570365877133"
},
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2025-32023-3597acc4"
},
{
"source": "https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445",
"target": {
"file": "src/hyperloglog.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"161130550094648145746684114360630705850",
"150296783300195929630338816800163077356",
"324757318019474917851111605757511146399",
"48443237562126307296074555584900619600",
"943140310968948733257800067551040115",
"77206904569032948157402165180744281704",
"54220576544187959800608079950099532334",
"163525978105105879703300817675579012662",
"286944723218722685655328078188182448494",
"149353275136718880675335349200066632944",
"314126798139008040895437071948757677545",
"329972309443768499364194409287314098760",
"247131607397687281256177826960955533581",
"64954938294874463851734563066909390287",
"259931982932627762285506727167403023289",
"244557390104640110658510793762523031165",
"220595675868915384537378465908598390295",
"82117174039672036645607373954801061847",
"99498813721876898603300708982169945975",
"273315298553281839163351937261702331232",
"288061040493901638938035679017025983176",
"209881264181947740157046833486518405543",
"177587936925485930081943971502556365346",
"282818857702032744574770866295660623994",
"97697508912184950398200176402102246535",
"147652199288863048771452993212009746563",
"77206904569032948157402165180744281704",
"82603988214618883970296355474204546510",
"71600274496782095214088945629245599387",
"264074078618288337091926483665863518921",
"284025846420163027143840089582065736289",
"149353275136718880675335349200066632944",
"191151508178975775465640616757469942986",
"227360101722825627781073528523691939616",
"245977317173000080165212439759381833599",
"251162027508189115655068121502662168000",
"64954938294874463851734563066909390287",
"49191687948616390749141121443495170991",
"159606694428081131321281370993728549377",
"312312749923233527374055075485970857179",
"178488374770442854601810438606034899896",
"182172240062532227241326464800799826406",
"157557743724461171681159906578703156734",
"147677684377709583776098091972430714973",
"249224276617144109581293633419664947141",
"146452673585891991137435680746906591255",
"233488419955622077363276744236323716928",
"331272533204373860181898733352578644817",
"175317999564137330865327544850031903834",
"339529606660995622271230546078681415858",
"125535678854358756683660894756343907794",
"181315612880403463653601729219767662899",
"267220154172190819229547577375284177224",
"248526602376172639785822559052013055099",
"3189650006762582464355168401268957572",
"2241206270602762956923758292903023807",
"260632655828041001194225941362431397104",
"160098897125102414988234853977950845419",
"121833759255957245681910394109675411028",
"268210105647145868658848864797133155566",
"64954938294874463851734563066909390287",
"281257054529954318369472419634267862126",
"316990178765018216400590249446808895157",
"163080108443171659159423545091384031831",
"151995268083565576665415626169664799012",
"174314777746783260264109025923343807831",
"26838673585568184004951647481185398623",
"107027639973597858444205716663694237754",
"74710119665493252182164707879633228192"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"id": "CVE-2025-32023-6cf8c740"
},
{
"source": "https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445",
"target": {
"function": "hllSparseRegHisto",
"file": "src/hyperloglog.c"
},
"deprecated": false,
"digest": {
"length": 534.0,
"function_hash": "35977819258405606129938402535985569600"
},
"signature_type": "Function",
"signature_version": "v1",
"id": "CVE-2025-32023-e1d8af32"
}
]
"2026-04-27T11:42:25Z"
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-32023.json"