PROBABLYPWNED
Vulnerabilities | February 1, 2026 | 3 min read

Redis RCE Exploit More Severe Than Initially Rated

JFrog researchers develop working remote code execution exploit for CVE-2025-62507, a stack buffer overflow in Redis discovered by Google's AI security agent.

Marcus Chen

A vulnerability in Redis initially rated high severity may warrant more urgent attention after JFrog researchers demonstrated a working remote code execution exploit. CVE-2025-62507, a stack buffer overflow in the XACKDEL command, allows unauthenticated attackers to compromise Redis instances running the default configuration.

The flaw affects Redis versions 8.2.0 through 8.2.2. The fix shipped in version 8.2.3, but the disclosure timeline has taken an interesting turn—the vulnerability was originally discovered by Google's Big Sleep AI security agent.

How the Exploit Works

The vulnerability exists in Redis's stream message acknowledgment and deletion functionality. The XACKDEL command handles cleanup of acknowledged messages, but when processing a large number of stream IDs, it fails to properly reallocate memory.

When the count of stream IDs exceeds STREAMID_STATIC_VECTOR_LEN, the code skips a necessary reallocation step. This causes parsed IDs to overflow the stack buffer, overwriting adjacent memory including saved registers and the function's return address.

Because stream IDs contain two independent numeric values that attackers fully control, the overflow allows precise manipulation of overwritten memory. JFrog's researchers achieved direct control of the instruction pointer, demonstrating reliable code execution.

Making matters worse, JFrog discovered that the official Redis Docker image ships without stack canary protections—a basic exploit mitigation that would normally complicate buffer overflow attacks.

Default Configuration Is Vulnerable

Redis historically does not enforce authentication by default. Combined with the unauthenticated nature of this vulnerability, attackers can trigger the flaw with a single XACKDEL command containing a sufficiently large number of message IDs.

Any Redis 8.2.x instance exposed to untrusted networks without authentication—a common configuration in development environments and unfortunately some production deployments—is vulnerable to complete compromise.

AI-Discovered Vulnerability

The original discovery came from Google Big Sleep, an AI security agent developed jointly by Google DeepMind and Project Zero. The system acts as an automated security researcher, hunting for unknown vulnerabilities in software.

Big Sleep's involvement highlights how AI tools are accelerating both sides of the security equation. Defenders gain automated vulnerability discovery; attackers potentially gain the same capability. The AI-discovered OpenSSL vulnerability we covered last week followed a similar pattern—automated analysis finding flaws that evaded human review.

Severity Reassessment Needed

The initial CVSS score of 8.8 reflected the buffer overflow's technical characteristics. JFrog argues the working RCE exploit should push organizations toward more urgent remediation.

"The discovery of an RCE exploit by JFrog researchers should increase the urgency for applying a patch," said Shachar Menashe, vice president of security research at JFrog. For organizations unable to immediately upgrade, Menashe recommends deploying firewalls to protect any older Redis versions running in production.

Mitigation Steps

Organizations running Redis 8.2.x should upgrade to version 8.2.3 or later immediately. For those unable to patch right away:

  1. Enable authentication on all Redis instances using the requirepass configuration directive
  2. Use Redis ACLs to disable or restrict the XACKDEL command for users that do not need it
  3. Deploy network segmentation to ensure Redis instances are not reachable from untrusted networks
  4. Monitor for exploitation attempts by logging XACKDEL commands with unusually large ID counts
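Step 4 above is the one most teams have to build themselves. The following is an added example, not code from the article, JFrog or the Redis project: it parses `redis-cli MONITOR` output and flags XACKDEL calls whose declared or actual ID count exceeds a threshold. The sample log lines are constructed, and the threshold value of 8 is an assumption (the article names STREAMID_STATIC_VECTOR_LEN but not its value), so tune it to your own baseline of legitimate batch sizes. The XACKDEL argument layout used here (`key group [KEEPREF|DELREF|ACKED] IDS numids id ...`) follows the command's documented syntax.

```python
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Threshold for an "unusually large" ID count. Assumed value for this example;
# the article names STREAMID_STATIC_VECTOR_LEN but does not give its value.
ID_COUNT_THRESHOLD = 8

# Layout of a redis-cli MONITOR line: <unix ts> [<db> <addr:port>] "ARG" "ARG" ...
MONITOR_RE = re.compile(
    r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>\S+)\] (?P<args>.*)$'
)


@dataclass
class Finding:
    ts: str
    client: str
    declared: int   # numids argument as sent by the client
    actual: int     # number of ID arguments that actually follow it


def parse_monitor_line(line: str) -> Optional[Tuple[str, str, List[str]]]:
    """Split one MONITOR line into (timestamp, client, argv); None if it does not match."""
    m = MONITOR_RE.match(line.strip())
    if not m:
        return None
    # MONITOR double-quotes every argument; shlex undoes the quoting and escapes.
    return m.group('ts'), m.group('client'), shlex.split(m.group('args'))


def xackdel_id_counts(argv: List[str]) -> Optional[Tuple[int, int]]:
    """Return (declared, actual) ID counts for an XACKDEL call, or None for other commands.

    Syntax: XACKDEL key group [KEEPREF|DELREF|ACKED] IDS numids id [id ...]
    """
    if not argv or argv[0].upper() != 'XACKDEL':
        return None
    upper = [a.upper() for a in argv]
    if 'IDS' not in upper:
        return None
    ids_pos = upper.index('IDS')
    try:
        declared = int(argv[ids_pos + 1])
    except (IndexError, ValueError):
        declared = 0
    actual = len(argv) - (ids_pos + 2)
    return declared, max(actual, 0)


def scan(lines, threshold: int = ID_COUNT_THRESHOLD) -> List[Finding]:
    """Flag XACKDEL calls whose declared or actual ID count exceeds the threshold.

    Both counts are checked: the server sizes its work from numids, while the
    argument list shows what was really sent, and a mismatch is itself unusual.
    """
    findings = []
    for line in lines:
        parsed = parse_monitor_line(line)
        if parsed is None:
            continue
        ts, client, argv = parsed
        counts = xackdel_id_counts(argv)
        if counts is None:
            continue
        declared, actual = counts
        if max(declared, actual) > threshold:
            findings.append(Finding(ts, client, declared, actual))
    return findings


# Constructed sample MONITOR output (not a real capture): one ordinary batch of
# two acknowledgements from a known consumer, one oversized batch from elsewhere.
SAMPLE_MONITOR_LOG = "\n".join([
    '1769904000.100000 [0 10.0.0.5:51234] "PING"',
    '1769904000.200000 [0 10.0.0.5:51234] "XACKDEL" "orders" "workers" "KEEPREF" "IDS" "2" '
    '"1769904000000-0" "1769904000000-1"',
    '1769904000.300000 [0 203.0.113.9:40000] "XACKDEL" "orders" "workers" "IDS" "12" '
    + " ".join('"%d-0"' % i for i in range(12)),
])

if __name__ == '__main__':
    for f in scan(SAMPLE_MONITOR_LOG.splitlines()):
        print(f"{f.ts} {f.client}: XACKDEL with {f.declared} declared / {f.actual} actual IDs")
```

MONITOR has a measurable cost on a busy instance, so run it from a sidecar or a short sampling window rather than permanently; the same parsing applies to command logs from a proxy in front of Redis. Pair the detector with step 2: the standard ACL rule form `-xackdel` on the `default` user removes the command for unauthenticated clients, so that any hit the detector still produces is worth investigating.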

The vulnerability demonstrates that even widely-used open source infrastructure software can harbor severe flaws. This joins a growing list of zero-day vulnerabilities affecting core infrastructure components. Redis serves as a caching layer, message broker, and session store for countless web applications. A compromise at this layer can cascade throughout dependent systems, similar to how the n8n workflow automation vulnerabilities we covered recently exposed entire business processes.

Organizations should treat any internet-exposed Redis instance without authentication as potentially compromised and audit for signs of intrusion before assuming clean remediation.
