redis News Articles
Recent news articles refferecing the vendors vulnerabilities.
GBHackers NewsCVE-2025-49844Critical RediShell RCE Vulnerability Threatens 8,500+ Redis Deployments Worldwide
A critical security vulnerability in Redis's Lua scripting engine has left thousands of database instances vulnerable to remote code execution attacks.
2 weeks ago
CPO MagazineCVE-2025-49844Redis Critical Vulnerability Exposes over 60,000 Instances to RCE and Host Take Over - CPO Magazine
Security researchers at Wiz Research have discovered a critical vulnerability in the Redis in-memory database that could allow an attacker to gain remote code execution (RCE) capabilities and take over the host.
PoC Released for Critical Lua Engine Vulnerabilities
A recent security audit of Redis 7.4.5 uncovered three severe flaws in the embedded Lua interpreter.
PoC Exploit Released for Critical Vulnerabilities in Lua Engine
A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5.
Security AffairsCVE-2025-49844Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution
Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via use-after-free. Attackers need authenticated access to exploit it.
Help Net SecurityCVE-2025-49844Redis patches critical "RediShell" RCE vulnerability, update ASAP! (CVE-2025-49844) - Help Net Security
Redis has released patches for a critical vulnerability (CVE-2025-49844) that may allow attackers full access to the underlying host system.
Cyber PressCVE-2025-49844Redis Use-After-Free Vulnerability Enables Remote Code Execution
A critical security vulnerability has been discovered in Redis Server that allows authenticated attackers to achieve remote code execution
GBHackers NewsCVE-2025-49844Redis Server Use-After-Free Vulnerability Allows Remote Code Execution
A security vulnerability has been discovered in Redis Server that could allow authenticated attackers to achieve remote code execution.
Patch Now: ‘RediShell’ Threatens Cloud Via Redis RCE
A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover; more than 300k instances currently exposed.
The Hacker NewsCVE-2025-4984413-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Redis fixes 13-year CVSS 10 flaw allowing Lua script-based remote code execution in all versions.
Critical Vulnerability Puts 60,000 Redis Servers at Risk of Exploitation
A critical-severity vulnerability that lingered in Redis for 13 years potentially exposes 60,000 servers to exploitation.
Critical 9.9 Redis vulnerability enables remote code execution
Crafted Lua scripts could be used to trigger a use-after-free flaw in affected instances.
Redis warns of critical flaw impacting thousands of instances
The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances.