vulnerability
Ubuntu: (Multiple Advisories) (CVE-2025-49844): Redis vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Oct 3, 2025 | Oct 16, 2025 | Nov 28, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Oct 3, 2025
Added
Oct 16, 2025
Modified
Nov 28, 2025
Description
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could
use this vulnerability to trigger a use-after-free condition, and
potentially achieve remote code execution on the Redis server.
Solutions
ubuntu-pro-upgrade-redictubuntu-pro-upgrade-redict-sentinelubuntu-pro-upgrade-redict-serverubuntu-pro-upgrade-redict-toolsubuntu-pro-upgrade-redisubuntu-pro-upgrade-redis-sentinelubuntu-pro-upgrade-redis-serverubuntu-pro-upgrade-redis-toolsubuntu-pro-upgrade-valkey-server
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.