CVE-2026-25589

Published: Mag 05, 2026 Last Modified: Mag 05, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,7

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the RedisBloom module loaded can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This issue is fixed in version 2.8.20.

122

Heap-based Buffer Overflow

Draft

Abstraction: Variant Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality Access Control Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Execute Unauthorized Code Or Commands Bypass Protection Mechanism Modify Memory Other

Applicable Platforms

Languages: C, C++, Memory-Unsafe

Likelihood of Exploit: High

View CWE Details

https://github.com/RedisBloom/RedisBloom/releases/tag/v2.8.…

https://github.com/RedisBloom/RedisBloom/releases/tag/v2.8.20

https://github.com/RedisBloom/RedisBloom/security/advisorie…

https://github.com/RedisBloom/RedisBloom/security/advisories/GHSA-7862-34pw-44wv

CVE-2026-25589

Description

Heap-based Buffer Overflow

Common Consequences

Applicable Platforms

Iscriviti alla newsletter