CVE-2025-27151

CVSS base score: 4.7 (MEDIUM)

📋 TL;DR

This CVE describes a stack-based buffer overflow in Redis's redis-check-aof utility, affecting versions 7.0.0 through 8.0.1. The tool copies a user-supplied file path into a fixed-size stack buffer with memcpy without first checking the path's length, so an over-long path argument overwrites the stack: at minimum the tool crashes, and an attacker who controls the argument may be able to execute arbitrary code as the user running the tool. Anyone running an affected Redis build whose redis-check-aof can be invoked with an attacker-influenced path is affected.

💻 Affected Systems

Products:
  • Redis
Versions: 7.0.0 to 8.0.1
Operating Systems: All operating systems running Redis
Default Config Vulnerable: No
Notes: Only the redis-check-aof utility is affected; the redis-server process and its normal AOF loading are not. Exploitation requires getting redis-check-aof executed with an attacker-controlled, over-long file path, for example through a recovery script or cron job that passes a filename the attacker can influence.
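The bug class described above, as an added example that is not Redis's code: a path taken from argv is memcpy'd into a PATH_MAX-sized stack buffer with no length check, beside a bounded replacement that refuses anything that does not fit. The buffer size, the function names and the dirname() use are assumptions made for the demonstration, not details taken from the advisory.

```c
#define _XOPEN_SOURCE 700
#include <libgen.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* VULNERABLE pattern (do not call with an over-long src): copies
 * strlen(src)+1 bytes whatever the size of dst. When dst is a
 * PATH_MAX+1 byte array on the stack and src comes from argv, a path
 * longer than PATH_MAX bytes runs off the end of the array into the
 * rest of the frame (other locals, the stack canary, the return address). */
void copy_path_unchecked(char *dst, const char *src)
{
    memcpy(dst, src, strlen(src) + 1);
}

/* The arithmetic behind the bug: a C string of path_len bytes needs
 * path_len+1 bytes of room. Returns 1 if the copy would overflow. */
int would_overflow(size_t path_len, size_t dst_size)
{
    return path_len + 1 > dst_size;
}

/* HARDENED replacement: never scans further than dst_size bytes of src
 * and refuses anything that does not fit including the NUL.
 * Returns 0 on success, -1 if src is too long for dst. */
int copy_path_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = strnlen(src, dst_size);
    if (len >= dst_size)
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Assumed consumer of the scratch copy: dirname() may modify its
 * argument in place, so a checker copies the path before calling it.
 * Returns 0 and fills dir_out on success, -1 if the path was rejected. */
int aof_dir_of(const char *path, char *dir_out, size_t dir_out_size)
{
    char scratch[PATH_MAX + 1];            /* fixed-size stack buffer */
    if (copy_path_checked(scratch, sizeof scratch, path) != 0)
        return -1;
    return copy_path_checked(dir_out, dir_out_size, dirname(scratch));
}

/* Constructed over-long input: PATH_MAX+15 'A's. Returns 1 if the
 * hardened path rejects it, 0 if it wrongly accepted it. */
int overlong_path_is_rejected(void)
{
    static char longpath[PATH_MAX + 16];
    char dir[PATH_MAX + 1];
    memset(longpath, 'A', sizeof longpath - 1);
    longpath[sizeof longpath - 1] = '\0';
    return aof_dir_of(longpath, dir, sizeof dir) == -1;
}

int main(int argc, char **argv)
{
    char dir[PATH_MAX + 1];
    const char *path = argc > 1 ? argv[1]
                     : "/var/lib/redis/appendonlydir/appendonly.aof.1.incr.aof";
    if (aof_dir_of(path, dir, sizeof dir) != 0) {
        fprintf(stderr, "rejected: path longer than %d bytes\n", PATH_MAX);
        return 1;
    }
    printf("AOF directory: %s\n", dir);
    return 0;
}
```

Run it with a path argument of more than PATH_MAX bytes (for example the output of a long printf) and the hardened path exits with "rejected"; the unchecked function is left in the listing only to show the shape of the defect and is never called with untrusted input.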

📦 What is this software?

Redis is an open-source, in-memory key-value data store that can persist its data set to disk, including through an append-only file (AOF). redis-check-aof is the command-line utility shipped with Redis for checking, and with --fix repairing, an AOF file or AOF manifest after a crash or truncation. It is run by hand or from recovery scripts, not by the server during normal operation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution in the context of the user who invokes redis-check-aof (often root or the redis service account during a manual or scripted recovery), which an attacker could use to compromise the host, read the data set on disk, or move laterally.

🟠

Likely Case

The utility crashes on the malicious path (stack canary abort or segmentation fault): a denial of service of the recovery procedure rather than of a running server. Turning the crash into code execution requires the attacker to control the argument and to defeat the stack canary, ASLR and NX of the target build.

🟢

If Mitigated

Negligible if redis-check-aof is not installed, is not executable by untrusted users, or is only ever run on paths the operator constructs. Even where it is reachable, stack canaries and ASLR make reliable code execution much harder, leaving a crash as the realistic outcome.

🌐 Internet-Facing: LOW. redis-check-aof is a command-line tool that opens no network sockets; a remote attacker needs a prior foothold, or an exposed workflow (e.g. automation or a web front end that runs the tool on an uploaded or user-named file), to reach it.
🏢 Internal Only: MEDIUM. A local user, or a compromised account or script that can choose the file path passed to redis-check-aof, can trigger it; day-to-day use of the tool is rare, which keeps the window small.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: MEDIUM

Exploitation requires the ability to have redis-check-aof executed with an attacker-chosen, over-long file path. Causing a crash is straightforward; reliable code execution additionally depends on defeating the mitigations of the specific build (stack canary, ASLR, NX).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 8.0.2

Vendor Advisory: https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm

Restart Required: No

Instructions:

1. Upgrade Redis to 8.0.2 or later (distribution package, or the official source release from the Redis repository).
2. Confirm that the redis-check-aof binary on disk is the patched build. On most builds redis-check-aof is the redis-server executable installed under another name (a copy or symlink), so the package upgrade replaces both; a separately installed source build must be replaced as well.
3. No restart of the redis-server process is needed for this fix, because only the utility is affected; a running server is not vulnerable.

🔧 Temporary Workarounds

Restrict Access to redis-check-aof

linux

Limit execution of redis-check-aof to the accounts that actually perform recoveries, so that an attacker who can influence a filename still cannot get the tool executed. Give ownership to root and to the group of the account that runs recoveries (root:root if only root does, root:redis if the service account does), then remove execute permission for everyone else:

chown root:root /path/to/redis-check-aof
chmod 750 /path/to/redis-check-aof

This does not fix the overflow; it only narrows who can trigger it. Any script that calls the tool should still validate externally supplied filenames (expected directory, expected length) before passing them on.

🧯 If You Can't Patch

  • Remove or disable redis-check-aof if recoveries are not performed on the host (delete it, or make it non-executable with chmod 000).
  • Never pass externally supplied filenames to the tool: have scripts build the AOF path themselves from a fixed directory and check its length before invoking redis-check-aof.
  • Implement strict access controls and monitor for unauthorized or unusual execution of redis-check-aof.

🔍 How to Verify

Check if Vulnerable:

Locate every copy of the utility on the host (for example with command -v redis-check-aof, or by listing the files of the Redis package, plus any source build under /usr/local) and print its version:

Check Version:

redis-check-aof --version

The version is the v= token of the output (e.g. v=7.4.2); the affected range is 7.0.0 through 8.0.1. Distribution packages sometimes backport the fix without changing the upstream version number, so also consult your distribution's advisory for CVE-2025-27151 before treating a version in that range as vulnerable.

Verify Fix Applied:

After updating, confirm that the same binary reports 8.0.2 or later with redis-check-aof --version, and that no older copy remains elsewhere on the PATH (e.g. a source build in /usr/local/bin beside a packaged one in /usr/bin).
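The version comparison above, as an added example that is not part of this page or of Redis: a small checker that reads the --version line, pulls out the v=MAJOR.MINOR.PATCH token and reports whether it falls in 7.0.0 through 8.0.1. It assumes the tool prints a v= token as redis-server --version does; the sample lines in the lead comment and in the test are constructed. Like any version check it cannot see a backported fix, so treat "AFFECTED" as a prompt to check the distribution advisory, not as proof.

```c
#include <stdio.h>
#include <string.h>

struct ver { int major, minor, patch; };

/* Extract MAJOR.MINOR.PATCH from the "v=" token of a version line such as
 * (constructed sample) "redis-check-aof v=7.4.2 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 build=0".
 * Returns 1 on success, 0 if no parsable token is present. */
int parse_version_line(const char *line, struct ver *out)
{
    const char *p = strstr(line, "v=");
    if (p == NULL)
        return 0;
    return sscanf(p + 2, "%d.%d.%d", &out->major, &out->minor, &out->patch) == 3;
}

/* Three-way comparison, like strcmp: <0, 0 or >0. */
int ver_cmp(struct ver a, struct ver b)
{
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

/* Affected range as stated on this page: 7.0.0 <= v <= 8.0.1. */
int version_is_affected(struct ver v)
{
    const struct ver first = {7, 0, 0}, last = {8, 0, 1};
    return ver_cmp(v, first) >= 0 && ver_cmp(v, last) <= 0;
}

/* 1 = in the affected range, 0 = outside it, -1 = no version token found. */
int line_is_affected(const char *line)
{
    struct ver v;
    if (!parse_version_line(line, &v))
        return -1;
    return version_is_affected(v);
}

/* Reads the version line from stdin:
 *   redis-check-aof --version 2>&1 | ./aofver
 * Exit status: 1 = affected, 0 = not affected, 2 = could not parse. */
int main(void)
{
    char line[256];
    if (fgets(line, sizeof line, stdin) == NULL) {
        fputs("no input\n", stderr);
        return 2;
    }
    switch (line_is_affected(line)) {
    case 1:
        puts("AFFECTED: version in 7.0.0..8.0.1, upgrade to 8.0.2 or later (or confirm a backported fix)");
        return 1;
    case 0:
        puts("not in the affected range");
        return 0;
    default:
        puts("could not find a v=MAJOR.MINOR.PATCH token in the input");
        return 2;
    }
}
```

Because it reads stdin, the same checker works over an inventory gathered from many hosts (one version line per host, piped through a loop) without needing the binary on the machine running it.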

📡 Detection & Monitoring

Log Indicators:

  • Execution of redis-check-aof with an unusually long or non-path-like argument in process-audit logs, or a crash of redis-check-aof (segmentation fault, "stack smashing detected") in system logs.

Network Indicators:

  • Not applicable as this is a local tool; no network indicators.

SIEM Query:

Process-creation events (auditd EXECVE records or equivalent process logs) where the executable or command name is redis-check-aof and any argument is longer than an expected AOF path, or where the parent process is not a known recovery script or an interactive operator session. Treat a crash of redis-check-aof as a high-priority follow-up, since a failed overflow attempt shows up as a crash.

🔗 References

  • https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm