2 matches found
CVE-2025-25069
A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with ...
CVE-2025-26413
Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check if the offset input is a positive integer and use it as an index of a string. So it will cause the server to crash due to its index is out of range. This issue affects Apache Kvrocks: through 2.11.1. Users ar...