CVE-2025-32023 PoC — Redis allows out of bounds writes in hyperloglog commands leading to RCE

Associated Vulnerability
Title: Redis allows out of bounds writes in hyperloglog commands leading to RCE (CVE-2025-32023)
Description: Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.
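A defender-side check for the advisory above, added here as an example and not taken from the PoC repository or the Redis project: it compares a server's `redis_version` against the fixed releases the advisory lists and reads `ACL LIST` lines to find users who can still run hyperloglog commands. The function names and sample ACL lines are constructed for illustration; the `PF*` command names and the `@hyperloglog` ACL category are Redis's own, and the treatment of release lines not named in the advisory is an assumption.

```python
import re

# Fixed releases per branch, as listed in the advisory text above.
FIXED = {(8, 0): (8, 0, 3), (7, 4): (7, 4, 5), (7, 2): (7, 2, 10), (6, 2): (6, 2, 19)}
HLL_COMMANDS = {"pfadd", "pfcount", "pfmerge", "pfdebug", "pfselftest"}

def is_affected(version):
    """True if a redis_version string falls in the advisory's affected range."""
    v = tuple(int(p) for p in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    if v < (2, 8, 0):
        return False  # older than the first affected release
    if v[:2] in FIXED:
        return v < FIXED[v[:2]]
    # Assumption: lines newer than 8.0 ship the fix; older lines with no
    # fixed release named in the advisory are treated as affected.
    return v[:2] < (8, 0)

def hll_commands_allowed(acl_line):
    """HLL commands one `ACL LIST` line still permits (over-reports, never under-reports)."""
    tokens = [t.strip("()").lower() for t in acl_line.split()[2:]]
    if "off" in tokens:
        return []  # disabled users cannot authenticate
    allowed = set()
    for rule in tokens:  # Redis applies ACL rules left to right
        if rule in ("-@all", "nocommands", "-@hyperloglog"):
            allowed.clear()
        elif rule == "allcommands" or rule.startswith("+@"):
            allowed |= HLL_COMMANDS  # other categories may contain PF* commands
        elif rule.startswith("+") and rule[1:].split("|")[0] in HLL_COMMANDS:
            allowed.add(rule[1:].split("|")[0])
        elif rule.startswith("-") and rule[1:] in HLL_COMMANDS:
            allowed.discard(rule[1:])
    return sorted(allowed)

def audit(version, acl_lines):
    """Map user name -> permitted HLL commands, empty when the build is fixed."""
    if not is_affected(version):
        return {}
    return {l.split()[1]: c for l in acl_lines if (c := hll_commands_allowed(l))}

# Constructed sample `ACL LIST` output (not from a real server).
SAMPLE_ACL = [
    "user default on nopass ~* &* +@all",
    "user hardened on #<hash> ~* &* +@all -@hyperloglog",
    "user stats on #<hash> ~stats:* -@all +pfcount",
    "user legacy off nopass ~* +@all",
]

if __name__ == "__main__":
    print(audit("7.2.9", SAMPLE_ACL))
```

A user whose rule list ends in `-@hyperloglog`, like `hardened` in the sample, is what the advisory's ACL workaround produces.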
Description
CVE-2025-32023
Readme
# CVE-2025-32023 - Redis Remote Code Execution (RCE) 🚨

## 🧠 Overview:

A **critical RCE vulnerability** affecting Redis (< 7.2.4), where attackers can **load malicious modules** using the `MODULE LOAD` command.

## 🕳️ Vulnerability Type:

Remote Code Execution (RCE)

## 💥 **Impact:**

An **unauthenticated attacker** can execute arbitrary code and gain full control of the Redis server.

## 🔓 **Requirements for Exploitation:**

* Redis is **exposed to the internet** 🌍
* No **authentication** is set (no `requirepass` or ACLs) ❌
* Attacker has **write access** to Redis 📝

## 🛠️ **Attack Steps:**

1. Upload malicious `.so` (shared object) file to the Redis server.
2. Use the `MODULE LOAD` command to load the module.
3. Achieve **remote code execution** 💣

## 🧪 **Tested On:**
Redis 7.2.3 and below

## 🚫 **Not Affected:**
Redis **7.2.4 and above**

## 🛡️ Mitigation Steps:

* ✅ Upgrade to **Redis 7.2.4+**
* 🔐 Use **ACLs** or set a strong `requirepass`
* 🧱 Block external access via **firewall**
* 📛 Disable `MODULE LOAD` if not needed

## ⚠️ Security Tip:

Never expose Redis directly to the internet without proper authentication, ACLs, and network restrictions. Redis is **meant to be internal**.

🧩 **CVSS Score:** 9.8 (Critical)

🧬 **Discovered By:** Security researchers in early 2025.

---

File Snapshot

[4.0K] /data/pocs/b83c72f059b35d6780cc61c3b33b298061e90f00
├── [ 561] CVE-2025-32023.py
├── [1.3K] README.md
└── [4.9K] solver-CVE-2025-32023.py

0 directories, 3 files