CVE-2025-27151
CVE Details
Visit the official vulnerability details page for CVE-2025-27151 to learn more.
Initial Publication
11/14/2025
Last Update
01/05/2026
Third Party Dependency
redis
NIST CVE Summary
Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.
CVE Severity
Our Official Summary
CVE-2025-27151 is a stack-based buffer overflow vulnerability in the redis-check-aof utility of Redis, an open-source in-memory key-value database. In Redis versions ≥ 7.0.0 and < 8.0.2, the vulnerability arises from copying user-supplied file paths into a fixed-size stack buffer using memcpy with strlen() and without adequate bounds checking. An attacker who can control or influence the file path processed by redis-check-aof could trigger a stack overflow.
This issue is reported in the Harbor registry pack when used within a Kubernetes cluster. Exploitation would require an attacker to gain access to the container and execute code within it. However, the container includes safeguards intended to prevent arbitrary code execution.
At this time, no upstream fix is available to address this vulnerability. Once an official fix becomes available, it will be evaluated and adopted accordingly.
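The bug class described in the summaries above, shown as an added example (not Redis source code and not part of the original advisory): the unchecked pattern appears only as a comment, next to a bounded copy that rejects paths that do not fit. The buffer size, the function names `copy_path_checked` and `path_is_accepted`, and the sample file name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for illustration; not the size redis-check-aof uses. */
#define PATH_BUF_SIZE 64

/* Pattern the advisory describes (comment only, not compiled):
 *     char buf[PATH_BUF_SIZE];
 *     memcpy(buf, filepath, strlen(filepath));
 * The length comes from the input alone; nothing ties it to sizeof buf. */

/* Bounded copy: returns 0 and a NUL-terminated dst if src plus its
 * terminator fits in dst_size bytes, -1 and an empty dst otherwise.
 * It rejects rather than truncates: a truncated path names a different file. */
int copy_path_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;

    /* Measure src, but never look further than the destination can hold. */
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size)
        return -1;              /* no terminator within dst_size bytes */

    memcpy(dst, src, len + 1);  /* len + 1 <= dst_size at this point */
    return 0;
}

/* Hypothetical caller standing in for a tool that takes a path argument. */
int path_is_accepted(const char *filepath)
{
    char buf[PATH_BUF_SIZE];
    return copy_path_checked(buf, sizeof buf, filepath) == 0;
}

int main(int argc, char **argv)
{
    const char *p = argc > 1 ? argv[1] : "appendonly.aof"; /* constructed sample */
    printf("%s\n", path_is_accepted(p) ? "accepted" : "rejected: path too long");
    return 0;
}
```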
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.8.13 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.7.29 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 01/05/2026 | Status changed from Open to Ongoing |
| 01/05/2026 | Official summary added |