How severe is CVE-2025-27151?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2025-27151?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2025-27151 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

Related Vulnerabilities

CVE-2016-9263

MEDIUM

CVSS:4.7(Medium)

WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained with...

CWE-202016

CVE-2017-0354

MEDIUM

CVSS:4.7(Medium)

All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where a call to certain function requiring lower IRQL can be made under...

CWE-202017

CVE-2017-15333

MEDIUM

CVSS:4.7(Medium)

XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V...

CWE-202017

CVE-2017-15346

MEDIUM

CVSS:4.7(Medium)

CWE-202017

CVE-2017-18103

MEDIUM

CVSS:4.7(Medium)

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a c...

CWE-202017

CVE-2017-18430

MEDIUM

CVSS:4.7(Medium)

In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).

CWE-202017