vulnerability
Ubuntu: (Multiple Advisories) (CVE-2025-49844): Redis vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Oct 3, 2025 | Oct 16, 2025 | Oct 30, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Oct 3, 2025
Added
Oct 16, 2025
Modified
Oct 30, 2025
Description
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could
use this vulnerability to trigger a use-after-free condition, and
potentially achieve remote code execution on the Redis server.
Solutions
ubuntu-pro-upgrade-redictubuntu-pro-upgrade-redict-sentinelubuntu-pro-upgrade-redict-serverubuntu-pro-upgrade-redict-toolsubuntu-pro-upgrade-redisubuntu-pro-upgrade-redis-sentinelubuntu-pro-upgrade-redis-serverubuntu-pro-upgrade-redis-tools
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.