CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-26413

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the `offset` input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This issue affects Apache Kvrocks: through 2.11.1. Users are recommended to upgrade to version 2.12.0, which fixes the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.2%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2025-26413

Apache » Kvrocks » Version: 1.0.0

cpe:2.3:a:apache:kvrocks:1.0.0
Apache » Kvrocks » Version: 1.0.1

cpe:2.3:a:apache:kvrocks:1.0.1
Apache » Kvrocks » Version: 1.0.2

cpe:2.3:a:apache:kvrocks:1.0.2
Apache » Kvrocks » Version: 1.0.3

cpe:2.3:a:apache:kvrocks:1.0.3
Apache » Kvrocks » Version: 1.0.4

cpe:2.3:a:apache:kvrocks:1.0.4
Apache » Kvrocks » Version: 1.0.5

cpe:2.3:a:apache:kvrocks:1.0.5
Apache » Kvrocks » Version: 1.1.0

cpe:2.3:a:apache:kvrocks:1.1.0
Apache » Kvrocks » Version: 1.1.1

cpe:2.3:a:apache:kvrocks:1.1.1
Apache » Kvrocks » Version: 1.1.10

cpe:2.3:a:apache:kvrocks:1.1.10
Apache » Kvrocks » Version: 1.1.11

cpe:2.3:a:apache:kvrocks:1.1.11
Apache » Kvrocks » Version: 1.1.12

cpe:2.3:a:apache:kvrocks:1.1.12
Apache » Kvrocks » Version: 1.1.13

cpe:2.3:a:apache:kvrocks:1.1.13
Apache » Kvrocks » Version: 1.1.14

cpe:2.3:a:apache:kvrocks:1.1.14
Apache » Kvrocks » Version: 1.1.15

cpe:2.3:a:apache:kvrocks:1.1.15
Apache » Kvrocks » Version: 1.1.16

cpe:2.3:a:apache:kvrocks:1.1.16
Apache » Kvrocks » Version: 1.1.17

cpe:2.3:a:apache:kvrocks:1.1.17
Apache » Kvrocks » Version: 1.1.18

cpe:2.3:a:apache:kvrocks:1.1.18
Apache » Kvrocks » Version: 1.1.19

cpe:2.3:a:apache:kvrocks:1.1.19
Apache » Kvrocks » Version: 1.1.2

cpe:2.3:a:apache:kvrocks:1.1.2
Apache » Kvrocks » Version: 1.1.20

cpe:2.3:a:apache:kvrocks:1.1.20
Apache » Kvrocks » Version: 1.1.21

cpe:2.3:a:apache:kvrocks:1.1.21
Apache » Kvrocks » Version: 1.1.22

cpe:2.3:a:apache:kvrocks:1.1.22
Apache » Kvrocks » Version: 1.1.23

cpe:2.3:a:apache:kvrocks:1.1.23
Apache » Kvrocks » Version: 1.1.24

cpe:2.3:a:apache:kvrocks:1.1.24
Apache » Kvrocks » Version: 1.1.25

cpe:2.3:a:apache:kvrocks:1.1.25
Apache » Kvrocks » Version: 1.1.26

cpe:2.3:a:apache:kvrocks:1.1.26
Apache » Kvrocks » Version: 1.1.27

cpe:2.3:a:apache:kvrocks:1.1.27
Apache » Kvrocks » Version: 1.1.28

cpe:2.3:a:apache:kvrocks:1.1.28
Apache » Kvrocks » Version: 1.1.29

cpe:2.3:a:apache:kvrocks:1.1.29
Apache » Kvrocks » Version: 1.1.3

cpe:2.3:a:apache:kvrocks:1.1.3
Apache » Kvrocks » Version: 1.1.30

cpe:2.3:a:apache:kvrocks:1.1.30
Apache » Kvrocks » Version: 1.1.31

cpe:2.3:a:apache:kvrocks:1.1.31
Apache » Kvrocks » Version: 1.1.32

cpe:2.3:a:apache:kvrocks:1.1.32
Apache » Kvrocks » Version: 1.1.34

cpe:2.3:a:apache:kvrocks:1.1.34
Apache » Kvrocks » Version: 1.1.35

cpe:2.3:a:apache:kvrocks:1.1.35
Apache » Kvrocks » Version: 1.1.36

cpe:2.3:a:apache:kvrocks:1.1.36
Apache » Kvrocks » Version: 1.1.37

cpe:2.3:a:apache:kvrocks:1.1.37
Apache » Kvrocks » Version: 1.1.38

cpe:2.3:a:apache:kvrocks:1.1.38
Apache » Kvrocks » Version: 1.1.40

cpe:2.3:a:apache:kvrocks:1.1.40
Apache » Kvrocks » Version: 1.1.5

cpe:2.3:a:apache:kvrocks:1.1.5
Apache » Kvrocks » Version: 1.1.6

cpe:2.3:a:apache:kvrocks:1.1.6
Apache » Kvrocks » Version: 1.1.7

cpe:2.3:a:apache:kvrocks:1.1.7
Apache » Kvrocks » Version: 1.1.8

cpe:2.3:a:apache:kvrocks:1.1.8
Apache » Kvrocks » Version: 1.1.9

cpe:2.3:a:apache:kvrocks:1.1.9
Apache » Kvrocks » Version: 1.2.0

cpe:2.3:a:apache:kvrocks:1.2.0
Apache » Kvrocks » Version: 1.3.0

cpe:2.3:a:apache:kvrocks:1.3.0
Apache » Kvrocks » Version: 1.3.1

cpe:2.3:a:apache:kvrocks:1.3.1
Apache » Kvrocks » Version: 1.3.2

cpe:2.3:a:apache:kvrocks:1.3.2
Apache » Kvrocks » Version: 1.3.3

cpe:2.3:a:apache:kvrocks:1.3.3
Apache » Kvrocks » Version: 2.0.0

cpe:2.3:a:apache:kvrocks:2.0.0
Apache » Kvrocks » Version: 2.0.1

cpe:2.3:a:apache:kvrocks:2.0.1
Apache » Kvrocks » Version: 2.0.2

cpe:2.3:a:apache:kvrocks:2.0.2
Apache » Kvrocks » Version: 2.0.3

cpe:2.3:a:apache:kvrocks:2.0.3
Apache » Kvrocks » Version: 2.0.4

cpe:2.3:a:apache:kvrocks:2.0.4
Apache » Kvrocks » Version: 2.0.5

cpe:2.3:a:apache:kvrocks:2.0.5
Apache » Kvrocks » Version: 2.0.6

cpe:2.3:a:apache:kvrocks:2.0.6
Apache » Kvrocks » Version: 2.1.0

cpe:2.3:a:apache:kvrocks:2.1.0
Apache » Kvrocks » Version: 2.10.0

cpe:2.3:a:apache:kvrocks:2.10.0
Apache » Kvrocks » Version: 2.10.1

cpe:2.3:a:apache:kvrocks:2.10.1
Apache » Kvrocks » Version: 2.11.0

cpe:2.3:a:apache:kvrocks:2.11.0
Apache » Kvrocks » Version: 2.11.1

cpe:2.3:a:apache:kvrocks:2.11.1
Apache » Kvrocks » Version: 2.2.0

cpe:2.3:a:apache:kvrocks:2.2.0
Apache » Kvrocks » Version: 2.3.0

cpe:2.3:a:apache:kvrocks:2.3.0
Apache » Kvrocks » Version: 2.4.0

cpe:2.3:a:apache:kvrocks:2.4.0
Apache » Kvrocks » Version: 2.5.0

cpe:2.3:a:apache:kvrocks:2.5.0
Apache » Kvrocks » Version: 2.5.1

cpe:2.3:a:apache:kvrocks:2.5.1
Apache » Kvrocks » Version: 2.6.0

cpe:2.3:a:apache:kvrocks:2.6.0
Apache » Kvrocks » Version: 2.7.0

cpe:2.3:a:apache:kvrocks:2.7.0
Apache » Kvrocks » Version: 2.8.0

cpe:2.3:a:apache:kvrocks:2.8.0
Apache » Kvrocks » Version: 2.9.0

cpe:2.3:a:apache:kvrocks:2.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-26413

Products

Pricing

Contact Us