{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-25243","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-01-30T14:44:47.330Z","datePublished":"2026-05-05T16:44:57.306Z","dateUpdated":"2026-06-30T12:06:15.807Z"},"containers":{"cna":{"title":"redis-server RESTORE invalid memory access may allow remote code execution","problemTypes":[{"descriptions":[{"cweId":"CWE-122","lang":"en","description":"CWE-122: Heap-based Buffer Overflow","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":7.7,"baseSeverity":"HIGH","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0"}}],"references":[{"name":"https://github.com/redis/redis/security/advisories/GHSA-c8h9-259x-jff4","tags":["x_refsource_CONFIRM"],"url":"https://github.com/redis/redis/security/advisories/GHSA-c8h9-259x-jff4"},{"name":"https://github.com/redis/redis/releases/tag/8.6.3","tags":["x_refsource_MISC"],"url":"https://github.com/redis/redis/releases/tag/8.6.3"}],"affected":[{"vendor":"redis","product":"redis","versions":[{"version":"< 8.6.3","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-05-05T16:44:57.306Z"},"descriptions":[{"lang":"en","value":"Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This is patched in version 8.6.3."}],"source":{"advisory":"GHSA-c8h9-259x-jff4","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-06T03:56:11.272472Z","id":"CVE-2026-25243","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-06T13:24:39.678Z"}},{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:hummingbird:1"],"defaultStatus":"affected","product":"Red Hat Hardened Images","vendor":"Red Hat"}],"datePublic":"2026-05-05T16:44:57.306Z","descriptions":[{"lang":"en","value":"A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitrary code execution."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-122","description":"Heap-based Buffer Overflow","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-25243"},{"name":"RHBZ#2466828","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466828"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25243.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26540"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25216"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26008"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:27787"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:29817"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:33427"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:27716"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:28139"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:28142"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26233"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:26306"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:23229"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25219"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25925"}],"solutions":[{"lang":"en","value":"RHSA-2026:26540: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"},{"lang":"en","value":"RHSA-2026:25216: Red Hat Enterprise Linux AppStream (v. 10)"},{"lang":"en","value":"RHSA-2026:26008: Red Hat Enterprise Linux AppStream (v. 8)"},{"lang":"en","value":"RHSA-2026:27787: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"},{"lang":"en","value":"RHSA-2026:29817: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"},{"lang":"en","value":"RHSA-2026:33427: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"},{"lang":"en","value":"RHSA-2026:27716: Red Hat Enterprise Linux AppStream E4S (v.9.2)"},{"lang":"en","value":"RHSA-2026:28139: Red Hat Enterprise Linux AppStream E4S (v.9.4)"},{"lang":"en","value":"RHSA-2026:28142: Red Hat Enterprise Linux AppStream E4S (v.9.4)"},{"lang":"en","value":"RHSA-2026:26233: Red Hat Enterprise Linux AppStream EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:26306: Red Hat Enterprise Linux AppStream EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:23229: Red Hat Enterprise Linux AppStream (v. 9)"},{"lang":"en","value":"RHSA-2026:25219: Red Hat Enterprise Linux AppStream (v. 9)"},{"lang":"en","value":"RHSA-2026:25925: Red Hat Enterprise Linux AppStream (v. 9)"}],"timeline":[{"lang":"en","time":"2026-05-05T18:01:12.034Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-05T16:44:57.306Z","value":"Made public."}],"title":"redis: RESTORE invalid memory access may allow remote code execution","workarounds":[{"lang":"en","value":"To mitigate this flaw, restrict the execution privileges of the RESTORE command exclusively to highly trusted and administrative users by using the appropriate ACL rules."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:06:15.807Z"}}]}}