Critical Flaw Exposes 60,000 Redis Servers to Remote Exploitation
6 Articles
A critical vulnerability, RediShell (CVE-2025-49844), has been discovered in Redis, with a CVSS score of 10.0. It is exploited with a crafted Lua script that escapes the Lua sandbox and enables remote code execution on the host. Redis is used in an estimated 75% of cloud environments. We recommend upgrading to the latest version and strengthening security configurations immediately.
10.0-severity RCE flaw puts 60,000 Redis instances at risk
The popular Redis in-memory data store received a patch for a critical vulnerability that leads to remote code execution on the server hosting the database. While the flaw requires authentication to exploit, many Redis instances don’t have authentication configured and around 60,000 of them are exposed to the internet in this configuration. “Given that Redis is used in an estimated 75% of cloud environments, the potential impact is extensive,” r…
Critical Flaw Exposes 60,000 Redis Servers to Remote Exploitation
A critical Redis flaw, dubbed “RediShell,” has exposed 60,000 unprotected servers to exploitation. This article has been indexed from www.infosecurity-magazine.com. The post appeared first on IT Security News.
Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844) - Cybernoz - Cybersecurity News
Redis, the company behind the widely used in-memory data structure store of the same name, has released patches for a critical vulnerability (CVE-2025-49844) that may allow attackers full access to the underlying host system. “This flaw allows a post auth attacker to send a specially crafted malicious Lua script (a feature supported by default in Redis) to escape from the Lua sandbox and achieve arbitrary native code execution on the Redis host,…
Redis patches critical "RediShell" RCE vulnerability, update ASAP! (CVE-2025-49844) - Help Net Security