JFrog this week published an analysis of a vulnerability in Redis databases that may be more serious than initially thought following the discovery of a remote code execution (RCE) exploit.
Researchers found that a stack buffer overflow vulnerability in Redis (CVE-2025-62507) can be triggered by running the XACKDEL command with multiple IDs, which may potentially lead to remote code execution (RCE).
While the initial vulnerability was assigned an 8.8 severity rating using the Common Vulnerability Scoring System (CVSS), the discovery of an RCE exploit by JFrog researchers should increase the urgency for applying a patch that resolves the issue in version 8.3.2 of the widely used open source database.
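The two facts a defender can act on from the report above are the fixed version (8.3.2) and the trigger shape (an XACKDEL call carrying many IDs). The following Python is an added example, not code from JFrog or the Redis project: it checks a reported server version against the fixed release and scans MONITOR-style command lines for XACKDEL calls with an unusually large number of IDs. The MONITOR line layout, the XACKDEL argument order (`XACKDEL key group [KEEPREF|DELREF|ACKED] IDS numids id [id ...]`), the sample lines and the ID-count threshold are all assumptions made for the example.

```python
"""Defender-side triage helpers for CVE-2025-62507.

Added example; not JFrog's or Redis's own code. Assumptions:
- the fix ships in Redis 8.3.2 (as stated in the article);
- XACKDEL is written as 'XACKDEL key group [KEEPREF|DELREF|ACKED] IDS numids id [id ...]';
- command lines follow the MONITOR layout: '<ts> [<db> <client>] "CMD" "arg" ...';
- the ID-count threshold (64) is a tunable heuristic, not a value from the article.
"""
import re
import shlex

FIXED_VERSION = (8, 3, 2)  # release that resolves the issue, per the article

# Assumed MONITOR layout: timestamp, [db client], then the quoted command and args.
MONITOR_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>[^\]]+)\] (?P<cmd>.*)$"
)


def parse_version(version: str) -> tuple:
    """Turn '8.3.1' into (8, 3, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split(".")[:3])


def is_patched(version: str) -> bool:
    """True when the reported redis_version is at or above the fixed release."""
    return parse_version(version) >= FIXED_VERSION


def version_from_info(info_text: str):
    """Extract redis_version from the output of INFO server (constructed format)."""
    for line in info_text.splitlines():
        if line.startswith("redis_version:"):
            return line.split(":", 1)[1].strip()
    return None


def xackdel_id_count(cmdline: str):
    """Return the number of IDs in an XACKDEL command line, or None if not XACKDEL."""
    try:
        toks = shlex.split(cmdline)  # strips the quoting MONITOR adds around args
    except ValueError:
        return None
    if not toks or toks[0].upper() != "XACKDEL":
        return None
    upper = [t.upper() for t in toks]
    if "IDS" not in upper:
        return None
    ids_at = upper.index("IDS")
    # Everything after 'IDS <numids>' is an ID argument.
    return max(0, len(toks) - (ids_at + 2))


def flag_xackdel_lines(lines, threshold: int = 64):
    """Return (client, id_count) for XACKDEL calls carrying threshold or more IDs."""
    flagged = []
    for line in lines:
        match = MONITOR_RE.match(line.strip())
        if not match:
            continue
        count = xackdel_id_count(match.group("cmd"))
        if count is not None and count >= threshold:
            flagged.append((match.group("client"), count))
    return flagged


# Constructed sample input: one routine XACKDEL with 3 IDs, one with 100 IDs.
_MANY_IDS = " ".join(f'"{i}-0"' for i in range(1, 101))
SAMPLE_LINES = [
    '1700000000.100000 [0 10.0.0.5:40001] "XACKDEL" "orders" "workers" "IDS" "3" "1-0" "2-0" "3-0"',
    '1700000000.200000 [0 10.0.0.5:40001] "XREADGROUP" "GROUP" "workers" "c1" "STREAMS" "orders" ">"',
    f'1700000000.300000 [0 127.0.0.1:54321] "XACKDEL" "orders" "workers" "IDS" "100" {_MANY_IDS}',
]

if __name__ == "__main__":
    info = "# Server\nredis_version:8.2.1\nredis_mode:standalone\n"  # constructed
    ver = version_from_info(info)
    print(f"redis_version {ver}: {'patched' if is_patched(ver) else 'NOT patched, upgrade to 8.3.2'}")
    for client, n in flag_xackdel_lines(SAMPLE_LINES):
        print(f"review: {client} issued XACKDEL with {n} IDs")
```

The version check is the action that actually closes the issue; the MONITOR scan is only a triage aid for spotting XACKDEL traffic that looks unlike normal consumer-group acknowledgements, and the threshold should be tuned to what legitimate clients in a given deployment send.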
Shachar Menashe, vice president of security…