{
  "threat_severity" : "Important",
  "public_date" : "2026-05-05T16:44:57Z",
  "bugzilla" : {
    "description" : "redis: RESTORE invalid memory access may allow remote code execution",
    "id" : "2466828",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2466828"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-122",
  "details" : [ "Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This is patched in version 8.6.3.", "A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitrary code execution." ],
  "statement" : "To exploit this issue, an authenticated attacker with permission to execute the RESTORE command needs to send a specially crafted serialized payload to be processed by Redis, limiting its exposure to authenticated users. This allows the attacker to cause an invalid memory access, resulting in a denial of service or potentially in arbitrary code execution.\nDefault Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability.\nDue to these reasons, this vulnerability has been rated with an important severity.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25216",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "valkey-0:8.0.9-1.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-06-17T00:00:00Z",
    "advisory" : "RHSA-2026:26540",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "valkey-0:8.0.9-1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:26008",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "redis:6-8100020260522105353.489197e6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27787",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "redis:6-8040020260618162855.522a0ee4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27787",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4",
    "package" : "redis:6-8040020260618162855.522a0ee4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-06-25T00:00:00Z",
    "advisory" : "RHSA-2026:29817",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "redis:6-8060020260623095617.ad008a3a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-06-25T00:00:00Z",
    "advisory" : "RHSA-2026:29817",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.6",
    "package" : "redis:6-8060020260623095617.ad008a3a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-04T00:00:00Z",
    "advisory" : "RHSA-2026:23229",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "redis-0:6.2.22-1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-11T00:00:00Z",
    "advisory" : "RHSA-2026:25219",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "redis:7-9080020260521083756.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-15T00:00:00Z",
    "advisory" : "RHSA-2026:25925",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "valkey-0:8.0.9-1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27716",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "redis-0:6.2.7-1.el9_2.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
    "release_date" : "2026-06-23T00:00:00Z",
    "advisory" : "RHSA-2026:28139",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.4",
    "package" : "redis-0:6.2.7-1.el9_4.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
    "release_date" : "2026-06-23T00:00:00Z",
    "advisory" : "RHSA-2026:28142",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.4",
    "package" : "redis:7-9040020260618054637.9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26233",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "redis-0:6.2.22-1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-06-16T00:00:00Z",
    "advisory" : "RHSA-2026:26306",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "redis:7-9060020260602115714.9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Not affected",
    "package_name" : "boost",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Affected",
    "package_name" : "valkey",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-25243\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-25243\nhttps://github.com/redis/redis/releases/tag/8.6.3\nhttps://github.com/redis/redis/security/advisories/GHSA-c8h9-259x-jff4" ],
  "name" : "CVE-2026-25243",
  "mitigation" : {
    "value" : "To mitigate this flaw, restrict the execution privileges of the RESTORE command exclusively to highly trusted and administrative users by using the appropriate ACL rules.",
    "lang" : "en:us"
  },
  "csaw" : false
}