This article discusses the CVE-2025-62507 vulnerability in Redis, which allows for remote code execution through a stack buffer overflow triggered by the XACKDEL command. The authors analyze how the vulnerability can be exploited and provide a proof of concept to demonstrate the risk.

Redis has issued critical patches for a severe vulnerability (CVE-2025-49844) that allows remote code execution on approximately 330,000 exposed instances, with at least 60,000 not requiring authentication. The flaw stems from a 13-year-old use-after-free weakness in the Lua scripting feature, enabling attackers to gain full access to host systems and potentially exfiltrate sensitive data. Administrators are urged to update their Redis instances immediately to mitigate the risk of exploitation.