Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-49844 (GCVE-0-2025-49844)
Vulnerability from cvelistv5 – Published: 2025-10-03 19:27 – Updated: 2025-11-04 21:11
VLAI?
EPSS
Title
Redis Lua Use-After-Free may lead to remote code execution
Summary
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Severity ?
10 (Critical)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T03:55:16.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:11:33.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/07/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 8.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T19:27:23.609Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q"
},
{
"name": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539"
},
{
"name": "https://github.com/redis/redis/releases/tag/8.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
}
],
"source": {
"advisory": "GHSA-4789-qfc9-5f9q",
"discovery": "UNKNOWN"
},
"title": "Redis Lua Use-After-Free may lead to remote code execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49844",
"datePublished": "2025-10-03T19:27:23.609Z",
"dateReserved": "2025-06-11T14:33:57.800Z",
"dateUpdated": "2025-11-04T21:11:33.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/10/07/2\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:11:33.153Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49844\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-03T19:45:42.117839Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-03T19:46:39.985Z\"}}], \"cna\": {\"title\": \"Redis Lua Use-After-Free may lead to remote code execution\", \"source\": {\"advisory\": \"GHSA-4789-qfc9-5f9q\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"redis\", \"product\": \"redis\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 8.2.2\"}]}], \"references\": [{\"url\": \"https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q\", \"name\": \"https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539\", \"name\": \"https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/8.2.2\", \"name\": \"https://github.com/redis/redis/releases/tag/8.2.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416: Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-10-03T19:27:23.609Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-49844\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T21:11:33.153Z\", \"dateReserved\": \"2025-06-11T14:33:57.800Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-10-03T19:27:23.609Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0899
Vulnerability from certfr_avis - Published: 2025-10-20 - Updated: 2025-10-20
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 gdb 11.2-7 | ||
| Microsoft | N/A | cbl2 binutils 2.37-16 | ||
| Microsoft | N/A | cbl2 redis 6.2.20-1 | ||
| Microsoft | N/A | cbl2 redis 6.2.18-3 | ||
| Microsoft | N/A | azl3 python3 3.12.9-4 versions antérieures à 3.12.9-5 | ||
| Microsoft | N/A | cbl2 crash 8.0.1-4 | ||
| Microsoft | N/A | cbl2 binutils 2.37-17 | ||
| Microsoft | N/A | cbl2 pytorch 2.0.0-9 | ||
| Microsoft | N/A | azl3 kernel 6.6.96.2-2 | ||
| Microsoft | N/A | azl3 binutils 2.41-7 | ||
| Microsoft | N/A | cbl2 qt5-qtsvg 5.12.11-6 versions antérieures à 5.12.11-7 | ||
| Microsoft | N/A | cbl2 python3 3.9.19-14 | ||
| Microsoft | N/A | azl3 openssh 9.8p1-4 | ||
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 | ||
| Microsoft | N/A | cbl2 rubygem-elasticsearch 8.3.0-1 | ||
| Microsoft | N/A | azl3 kernel 6.6.104.2-1 | ||
| Microsoft | N/A | cbl2 python3 3.9.19-15 versions antérieures à 3.9.19-16 | ||
| Microsoft | N/A | cbl2 qemu 6.2.0-24 | ||
| Microsoft | N/A | azl3 qemu 8.2.0-19 | ||
| Microsoft | N/A | cbl2 gdb 11.2-6 | ||
| Microsoft | N/A | cbl2 openssh 8.9p1-8 versions antérieures à 8.9p1-9 | ||
| Microsoft | N/A | azl3 valkey 8.0.4-1 versions antérieures à 8.0.6-1 | ||
| Microsoft | N/A | azl3 rubygem-elasticsearch 8.9.0-1 | ||
| Microsoft | N/A | azl3 pytorch 2.2.2-7 | ||
| Microsoft | N/A | azl3 ruby 3.3.5-5 | ||
| Microsoft | N/A | cbl2 redis 6.2.18-3 versions antérieures à 6.2.20-1 | ||
| Microsoft | N/A | azl3 qtsvg 6.6.1-2 versions antérieures à 6.6.1-3 | ||
| Microsoft | N/A | azl3 valkey 8.0.4-1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 gdb 11.2-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 binutils 2.37-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 redis 6.2.20-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 redis 6.2.18-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python3 3.12.9-4 versions ant\u00e9rieures \u00e0 3.12.9-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 crash 8.0.1-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 binutils 2.37-17",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 pytorch 2.0.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.96.2-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 binutils 2.41-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 qt5-qtsvg 5.12.11-6 versions ant\u00e9rieures \u00e0 5.12.11-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python3 3.9.19-14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 openssh 9.8p1-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 rubygem-elasticsearch 8.3.0-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.104.2-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python3 3.9.19-15 versions ant\u00e9rieures \u00e0 3.9.19-16",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 qemu 6.2.0-24",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 qemu 8.2.0-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 gdb 11.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 openssh 8.9p1-8 versions ant\u00e9rieures \u00e0 8.9p1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 valkey 8.0.4-1 versions ant\u00e9rieures \u00e0 8.0.6-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rubygem-elasticsearch 8.9.0-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 pytorch 2.2.2-7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 ruby 3.3.5-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 redis 6.2.18-3 versions ant\u00e9rieures \u00e0 6.2.20-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 qtsvg 6.6.1-2 versions ant\u00e9rieures \u00e0 6.6.1-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 valkey 8.0.4-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-49069",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49069"
},
{
"name": "CVE-2025-39987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
},
{
"name": "CVE-2025-39947",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39947"
},
{
"name": "CVE-2025-39973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
},
{
"name": "CVE-2025-39945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
},
{
"name": "CVE-2025-55551",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55551"
},
{
"name": "CVE-2024-56709",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
},
{
"name": "CVE-2025-39967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
},
{
"name": "CVE-2025-11234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11234"
},
{
"name": "CVE-2025-39942",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39942"
},
{
"name": "CVE-2025-39929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39929"
},
{
"name": "CVE-2025-39949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
},
{
"name": "CVE-2025-49844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
},
{
"name": "CVE-2025-39953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
},
{
"name": "CVE-2025-39990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39990"
},
{
"name": "CVE-2025-39969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
},
{
"name": "CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"name": "CVE-2025-46819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46819"
},
{
"name": "CVE-2024-53234",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
},
{
"name": "CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"name": "CVE-2025-55552",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55552"
},
{
"name": "CVE-2024-40989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
},
{
"name": "CVE-2025-39940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39940"
},
{
"name": "CVE-2025-39977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39977"
},
{
"name": "CVE-2025-21645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21645"
},
{
"name": "CVE-2025-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46817"
},
{
"name": "CVE-2024-39508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39508"
},
{
"name": "CVE-2022-49133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49133"
},
{
"name": "CVE-2025-39970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
},
{
"name": "CVE-2025-39981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39981"
},
{
"name": "CVE-2025-39994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
},
{
"name": "CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"name": "CVE-2024-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
},
{
"name": "CVE-2025-39998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
},
{
"name": "CVE-2025-39968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
},
{
"name": "CVE-2022-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49124"
},
{
"name": "CVE-2024-53687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53687"
},
{
"name": "CVE-2025-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
},
{
"name": "CVE-2025-39934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
},
{
"name": "CVE-2025-11495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11495"
},
{
"name": "CVE-2025-39938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39938"
},
{
"name": "CVE-2025-39982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39982"
},
{
"name": "CVE-2025-39965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39965"
},
{
"name": "CVE-2025-39932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39932"
},
{
"name": "CVE-2025-11414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11414"
},
{
"name": "CVE-2025-21629",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21629"
},
{
"name": "CVE-2022-50502",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50502"
},
{
"name": "CVE-2025-39964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
},
{
"name": "CVE-2024-49568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49568"
},
{
"name": "CVE-2024-53196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2024-46717",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46717"
},
{
"name": "CVE-2024-40966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40966"
},
{
"name": "CVE-2025-39972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2025-11413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11413"
},
{
"name": "CVE-2025-39961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39961"
},
{
"name": "CVE-2025-55554",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55554"
},
{
"name": "CVE-2025-37727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37727"
},
{
"name": "CVE-2025-10729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10729"
},
{
"name": "CVE-2025-39957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39957"
},
{
"name": "CVE-2025-39931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39931"
},
{
"name": "CVE-2024-53195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
},
{
"name": "CVE-2025-39937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
},
{
"name": "CVE-2025-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46818"
},
{
"name": "CVE-2025-11412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11412"
},
{
"name": "CVE-2022-48816",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48816"
},
{
"name": "CVE-2025-39985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
},
{
"name": "CVE-2025-39946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39946"
},
{
"name": "CVE-2025-39980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
},
{
"name": "CVE-2024-42321",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42321"
},
{
"name": "CVE-2020-8130",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8130"
},
{
"name": "CVE-2024-56592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
}
],
"initial_release_date": "2025-10-20T00:00:00",
"last_revision_date": "2025-10-20T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0899",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39967",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39967"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39940",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39940"
},
{
"published_at": "2025-10-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11412",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11412"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39994",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39994"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39947",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39947"
},
{
"published_at": "2025-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53687",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53687"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39931",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39931"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39942",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39942"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55551",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55551"
},
{
"published_at": "2025-10-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50502",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50502"
},
{
"published_at": "2025-10-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-42321",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-42321"
},
{
"published_at": "2025-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53195",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53195"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-39508",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39508"
},
{
"published_at": "2025-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53234",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53234"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39981",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39981"
},
{
"published_at": "2025-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46818",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46818"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39998",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39998"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39972",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39972"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39953",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39953"
},
{
"published_at": "2025-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49133",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49133"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39934",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39934"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39968",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39968"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39932",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39932"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49844",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49844"
},
{
"published_at": "2025-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-56709",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-56709"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39965",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39965"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39985",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39985"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11234",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11234"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39970",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39970"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39980",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39980"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39977"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39964",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39964"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39938",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39938"
},
{
"published_at": "2025-10-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11495",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11495"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-56641",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-56641"
},
{
"published_at": "2025-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-8130",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-8130"
},
{
"published_at": "2025-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-8291",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8291"
},
{
"published_at": "2025-10-18",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21645",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21645"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39982",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39982"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39987",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39987"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-40989",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-40989"
},
{
"published_at": "2025-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49568",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49568"
},
{
"published_at": "2025-10-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-37727",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-37727"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49069",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49069"
},
{
"published_at": "2025-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46817",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46817"
},
{
"published_at": "2025-10-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-46717",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-46717"
},
{
"published_at": "2025-10-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39961",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39961"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55552",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55552"
},
{
"published_at": "2025-10-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-41079",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-41079"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39969",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39969"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-40966",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-40966"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61985",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61985"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39949",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39949"
},
{
"published_at": "2025-10-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11414",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11414"
},
{
"published_at": "2025-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46819",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46819"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39945",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39945"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61984",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61984"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-48816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-48816"
},
{
"published_at": "2025-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39955",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39955"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39937",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39937"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55554",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55554"
},
{
"published_at": "2025-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-56592",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-56592"
},
{
"published_at": "2025-10-07",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10729",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10729"
},
{
"published_at": "2025-10-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11413",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11413"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39929",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39929"
},
{
"published_at": "2025-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49124",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49124"
},
{
"published_at": "2025-10-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39946",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39946"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39973",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39973"
},
{
"published_at": "2025-10-18",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21629",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21629"
},
{
"published_at": "2025-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53196",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53196"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39990",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39990"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39971",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39971"
},
{
"published_at": "2025-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39957",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39957"
}
]
}
CERTFR-2025-AVI-1115
Vulnerability from certfr_avis - Published: 2025-12-16 - Updated: 2025-12-16
Une vulnérabilité a été découverte dans Trend Micro Apex One. Elle permet à un attaquant de provoquer une exécution de code arbitraire.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Un correctif est annoncé pour janvier 2026. Cependant, l'éditeur a mis à disposition un outil de modification de la configuration de sécurité.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Trend Micro | Apex One | Apex One 20219 avec Integrated Endpoint Sensor (iES) server activé |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apex One 20219 avec Integrated Endpoint Sensor (iES) server activ\u00e9 ",
"product": {
"name": "Apex One",
"vendor": {
"name": "Trend Micro",
"scada": false
}
}
}
],
"affected_systems_content": "Un correctif est annonc\u00e9 pour janvier 2026. Cependant, l\u0027\u00e9diteur a mis \u00e0 disposition un outil de modification de la configuration de s\u00e9curit\u00e9.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-49844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
}
],
"initial_release_date": "2025-12-16T00:00:00",
"last_revision_date": "2025-12-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1115",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Trend Micro Apex One. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire.",
"title": "Vuln\u00e9rabilit\u00e9 dans Trend Micro Apex One",
"vendor_advisories": [
{
"published_at": "2025-12-15",
"title": "Bulletin de s\u00e9curit\u00e9 Trend Micro KA-0021900",
"url": "https://success.trendmicro.com/en-US/solution/KA-0021900"
}
]
}
CERTFR-2025-AVI-0935
Vulnerability from certfr_avis - Published: 2025-10-29 - Updated: 2025-10-29
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Gemfire | Tanzu GemFire versions antérieures à 10.2.0 | ||
| VMware | Tanzu | Tanzu pour Valkey versions 7.2.x antérieures à 7.2.11 | ||
| VMware | Tanzu Gemfire | Tanzu GemFire Management Console versions antérieures à 1.4.1 | ||
| VMware | Tanzu | Tanzu pour Valkey versions 3.x antérieures à 3.2.0 sur Kubernetes | ||
| VMware | Tanzu | Tanzu pour Valkey versions 8.1.x antérieures à 8.1.4 | ||
| VMware | Tanzu | Tanzu pour Valkey versions 8.0.x antérieures à 8.0.6 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 10.2.0",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions 7.2.x ant\u00e9rieures \u00e0 7.2.11",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu GemFire Management Console versions ant\u00e9rieures \u00e0 1.4.1",
"product": {
"name": "Tanzu Gemfire",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions 3.x ant\u00e9rieures \u00e0 3.2.0 sur Kubernetes",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions 8.1.x ant\u00e9rieures \u00e0 8.1.4",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Valkey versions 8.0.x ant\u00e9rieures \u00e0 8.0.6",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-49844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
},
{
"name": "CVE-2025-5115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5115"
},
{
"name": "CVE-2025-46819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46819"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46817"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-8869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-27151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27151"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-46818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46818"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2025-54388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
},
{
"name": "CVE-2025-8058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2025-10-29T00:00:00",
"last_revision_date": "2025-10-29T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0935",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36259",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36259"
},
{
"published_at": "2025-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36260",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36260"
},
{
"published_at": "2025-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36261",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36261"
},
{
"published_at": "2025-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36258",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36258"
},
{
"published_at": "2025-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36262",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36262"
},
{
"published_at": "2025-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36263",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36263"
},
{
"published_at": "2025-10-28",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36264",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36264"
}
]
}
cve-2025-49844
Vulnerability from osv_almalinux
Published
2025-11-04 00:00
Modified
2025-11-07 08:40
Summary
Important: valkey security update
Details
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also.
Security Fix(es):
- redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
- Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
- Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
- Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "valkey"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.6-1.el10_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "valkey-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.6-1.el10_0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. \n\nSecurity Fix(es): \n\n * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)\n * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)\n * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)\n * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:19675",
"modified": "2025-11-07T08:40:54Z",
"published": "2025-11-04T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:19675"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-49844"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401258"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401292"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401324"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2025-19675.html"
}
],
"related": [
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
],
"summary": "Important: valkey security update"
}
cve-2025-49844
Vulnerability from osv_almalinux
Published
2025-11-11 00:00
Modified
2025-11-19 09:42
Summary
Important: redis:7 security update
Details
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
- redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
- Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
- Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
- Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11-1.module_el9.6.0+188+92104ce8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11-1.module_el9.6.0+188+92104ce8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11-1.module_el9.6.0+188+92104ce8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. \n\nSecurity Fix(es): \n\n * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)\n * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)\n * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)\n * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:20955",
"modified": "2025-11-19T09:42:38Z",
"published": "2025-11-11T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:20955"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-49844"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401258"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401292"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401324"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-20955.html"
}
],
"related": [
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
],
"summary": "Important: redis:7 security update"
}
cve-2025-49844
Vulnerability from osv_almalinux
Published
2025-10-29 00:00
Modified
2025-10-30 07:03
Summary
Important: redis security update
Details
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
- redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
- Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
- Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
- Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20-1.el9_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20-1.el9_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20-1.el9_6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. \n\nSecurity Fix(es): \n\n * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)\n * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)\n * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)\n * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:19237",
"modified": "2025-10-30T07:03:54Z",
"published": "2025-10-29T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:19237"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-49844"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401258"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401292"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401324"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-19237.html"
}
],
"related": [
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
],
"summary": "Important: redis security update"
}
cve-2025-49844
Vulnerability from osv_almalinux
Published
2025-11-11 00:00
Modified
2025-11-19 09:23
Summary
Important: redis security update
Details
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
- redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
- Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
- Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
- Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. \n\nSecurity Fix(es): \n\n * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)\n * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)\n * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)\n * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:20926",
"modified": "2025-11-19T09:23:20Z",
"published": "2025-11-11T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:20926"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-49844"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401258"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401292"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401324"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-20926.html"
}
],
"related": [
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
],
"summary": "Important: redis security update"
}
cve-2025-49844
Vulnerability from osv_almalinux
Published
2025-10-30 00:00
Modified
2025-11-07 12:12
Summary
Important: redis:7 security update
Details
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
- redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
- Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
- Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
- Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11-1.module_el9.6.0+188+92104ce8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11-1.module_el9.6.0+188+92104ce8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "redis-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11-1.module_el9.6.0+188+92104ce8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. \n\nSecurity Fix(es): \n\n * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)\n * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)\n * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)\n * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:19345",
"modified": "2025-11-07T12:12:46Z",
"published": "2025-10-30T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:19345"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-49844"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401258"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401292"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401324"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-19345.html"
}
],
"related": [
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
],
"summary": "Important: redis:7 security update"
}
cve-2025-49844
Vulnerability from osv_almalinux
Published
2025-11-24 00:00
Modified
2025-12-01 08:02
Summary
Important: valkey security update
Details
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also.
Security Fix(es):
- redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
- Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
- Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
- Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "valkey"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.6-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "valkey-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.6-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. \n\nSecurity Fix(es): \n\n * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)\n * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)\n * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)\n * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:21916",
"modified": "2025-12-01T08:02:48Z",
"published": "2025-11-24T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:21916"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-49844"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401258"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401292"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401324"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-21916.html"
}
],
"related": [
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
],
"summary": "Important: valkey security update"
}
cve-2025-49844
Vulnerability from osv_almalinux
Published
2025-10-29 00:00
Modified
2025-10-30 07:01
Summary
Important: redis:6 security update
Details
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
- redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
- Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
- Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
- Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20-1.module_el8.10.0+4056+739731b0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "redis-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20-1.module_el8.10.0+4056+739731b0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "redis-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20-1.module_el8.10.0+4056+739731b0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. \n\nSecurity Fix(es): \n\n * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)\n * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)\n * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)\n * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:19238",
"modified": "2025-10-30T07:01:24Z",
"published": "2025-10-29T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:19238"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-49844"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401258"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401292"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401324"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-19238.html"
}
],
"related": [
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
],
"summary": "Important: redis:6 security update"
}
cve-2025-49844
Vulnerability from osv_almalinux
Published
2025-11-24 00:00
Modified
2025-12-05 08:20
Summary
Important: valkey security update
Details
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also.
Security Fix(es):
- redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
- Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
- Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
- Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "valkey"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.6-2.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "valkey-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.6-2.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. \n\nSecurity Fix(es): \n\n * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)\n * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)\n * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)\n * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:21936",
"modified": "2025-12-05T08:20:47Z",
"published": "2025-11-24T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:21936"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-49844"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401258"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401292"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2401324"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2025-21936.html"
}
],
"related": [
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
],
"summary": "Important: valkey security update"
}
cleanstart-2026-mz27698
Vulnerability from cleanstart
Published
2026-01-30 14:39
Modified
2026-01-29 18:58
Summary
Redis is an open source, in-memory database that persists on disk
Details
Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.6-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-MZ27698",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T14:39:52.940858Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-MZ27698.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49844"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Redis is an open source, in-memory database that persists on disk",
"upstream": [
"CVE-2015-8080",
"CVE-2019-10192",
"CVE-2019-10193",
"CVE-2020-14147",
"CVE-2021-32625",
"CVE-2021-32626",
"CVE-2021-32627",
"CVE-2021-32628",
"CVE-2021-32672",
"CVE-2021-32675",
"CVE-2021-32687",
"CVE-2021-32762",
"CVE-2021-41099",
"CVE-2022-24736",
"CVE-2022-24834",
"CVE-2022-35977",
"CVE-2022-3647",
"CVE-2023-36824",
"CVE-2023-41053",
"CVE-2023-41056",
"CVE-2023-45145",
"CVE-2024-31227",
"CVE-2024-31228",
"CVE-2024-31449",
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
]
}
cleanstart-2026-wi17406
Vulnerability from cleanstart
Published
2026-01-30 17:35
Modified
2026-01-29 18:58
Summary
Redis is an open source, in-memory database that persists on disk
Details
Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.2.2-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WI17406",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T17:35:28.375848Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WI17406.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49844"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Redis is an open source, in-memory database that persists on disk",
"upstream": [
"CVE-2015-8080",
"CVE-2019-10192",
"CVE-2019-10193",
"CVE-2020-14147",
"CVE-2021-32625",
"CVE-2021-32626",
"CVE-2021-32627",
"CVE-2021-32628",
"CVE-2021-32672",
"CVE-2021-32675",
"CVE-2021-32687",
"CVE-2021-32762",
"CVE-2021-41099",
"CVE-2022-24736",
"CVE-2022-24834",
"CVE-2022-35977",
"CVE-2022-3647",
"CVE-2023-36824",
"CVE-2023-41053",
"CVE-2023-41056",
"CVE-2023-45145",
"CVE-2024-31227",
"CVE-2024-31228",
"CVE-2024-31449",
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
]
}
cleanstart-2026-bx37171
Vulnerability from cleanstart
Published
2026-01-30 14:43
Modified
2026-01-29 18:58
Summary
Redis is an open source, in-memory database that persists on disk
Details
Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.4-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-BX37171",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T14:43:22.549529Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BX37171.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49844"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Redis is an open source, in-memory database that persists on disk",
"upstream": [
"CVE-2015-8080",
"CVE-2019-10192",
"CVE-2019-10193",
"CVE-2020-14147",
"CVE-2021-32625",
"CVE-2021-32626",
"CVE-2021-32627",
"CVE-2021-32628",
"CVE-2021-32672",
"CVE-2021-32675",
"CVE-2021-32687",
"CVE-2021-32762",
"CVE-2021-41099",
"CVE-2022-24736",
"CVE-2022-24834",
"CVE-2022-35977",
"CVE-2022-3647",
"CVE-2023-36824",
"CVE-2023-41053",
"CVE-2023-41056",
"CVE-2023-45145",
"CVE-2024-31227",
"CVE-2024-31228",
"CVE-2024-31449",
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
]
}
bit-redis-2025-49844
Vulnerability from bitnami_vulndb
Published
2025-10-16 09:18
Modified
2025-11-06 13:25
Summary
Redis Lua Use-After-Free may lead to remote code execution
Details
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "redis",
"purl": "pkg:bitnami/redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20"
},
{
"introduced": "7.0.0"
},
{
"fixed": "7.2.11"
},
{
"introduced": "7.3.0"
},
{
"fixed": "7.4.6"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.4"
},
{
"introduced": "8.1.0"
},
{
"fixed": "8.2.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-49844"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.",
"id": "BIT-redis-2025-49844",
"modified": "2025-11-06T13:25:46.476Z",
"published": "2025-10-16T09:18:53.323Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539"
},
{
"type": "WEB",
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
},
{
"type": "WEB",
"url": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/07/2"
}
],
"schema_version": "1.6.2",
"summary": "Redis Lua Use-After-Free may lead to remote code execution"
}
bit-valkey-2025-49844
Vulnerability from bitnami_vulndb
Published
2025-10-16 09:19
Modified
2025-11-06 13:25
Summary
Redis Lua Use-After-Free may lead to remote code execution
Details
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "valkey",
"purl": "pkg:bitnami/valkey"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.6"
},
{
"introduced": "8.1.0"
},
{
"fixed": "8.1.4"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-49844"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"cpe:2.3:a:valkey-io:valkey:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.",
"id": "BIT-valkey-2025-49844",
"modified": "2025-11-06T13:25:46.476Z",
"published": "2025-10-16T09:19:55.260Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539"
},
{
"type": "WEB",
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
},
{
"type": "WEB",
"url": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/07/2"
}
],
"schema_version": "1.6.2",
"summary": "Redis Lua Use-After-Free may lead to remote code execution"
}
bit-keydb-2025-49844
Vulnerability from bitnami_vulndb
Published
2025-10-16 09:12
Modified
2025-11-06 13:25
Summary
Redis Lua Use-After-Free may lead to remote code execution
Details
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "keydb",
"purl": "pkg:bitnami/keydb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.2.20"
},
{
"introduced": "7.0.0"
},
{
"fixed": "7.2.11"
},
{
"introduced": "7.3.0"
},
{
"fixed": "7.4.6"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.4"
},
{
"introduced": "8.1.0"
},
{
"fixed": "8.2.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-49844"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.",
"id": "BIT-keydb-2025-49844",
"modified": "2025-11-06T13:25:46.476Z",
"published": "2025-10-16T09:12:52.562Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539"
},
{
"type": "WEB",
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
},
{
"type": "WEB",
"url": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/10/07/2"
}
],
"schema_version": "1.6.2",
"summary": "Redis Lua Use-After-Free may lead to remote code execution"
}
FKIE_CVE-2025-49844
Vulnerability from fkie_nvd - Published: 2025-10-03 20:15 - Updated: 2025-11-12 11:34
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539 | Patch | |
| security-advisories@github.com | https://github.com/redis/redis/releases/tag/8.2.2 | Release Notes | |
| security-advisories@github.com | https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/10/07/2 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F4D4F6-6F7C-46BC-B37C-DFAC34B097AC",
"versionEndExcluding": "6.2.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F82BD2A-473F-4F3F-9C80-C6448D07C45D",
"versionEndExcluding": "7.2.11",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E336B8-E000-4EFA-95F8-F2B74A4913F0",
"versionEndExcluding": "7.4.6",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "459EBC07-D37A-44E5-95DB-4C3FD9F008FF",
"versionEndExcluding": "8.0.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBF13EC1-FE0A-4242-B8D3-2681485DDDF2",
"versionEndExcluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lfprojects:valkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAF97D0-BE35-43AE-B820-3A88D1F49050",
"versionEndExcluding": "7.2.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lfprojects:valkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0285AE3-BBEA-4D0E-A8AD-957EC3E78870",
"versionEndExcluding": "8.0.6",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lfprojects:valkey:*:*:*:*:*:*:*:*",
"matchCriteriaId": "725746C6-025D-4364-9D97-E1315D670DF6",
"versionEndExcluding": "8.1.4",
"versionStartIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."
}
],
"id": "CVE-2025-49844",
"lastModified": "2025-11-12T11:34:21.060",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-10-03T20:15:32.823",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2025/10/07/2"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2025-49844
Vulnerability from fstec - Published: 03.10.2025
VLAI Severity ?
Title
Уязвимость системы управления базами данных (СУБД) Redis, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость системы управления базами данных (СУБД) Redis связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
ООО «Ред Софт», Redis Labs, ООО «Новые Облачные Технологии»
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Redis, Mailion (запись в едином реестре российских программ №12707)
Software Version
7.3 (РЕД ОС), до 8.2.2 (Redis), 2.3 (Mailion)
Possible Mitigations
Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- использование списка контроля доступа для ограничения возможности выполнения команд EVAL и EVALSHA;
- использование средств межсетевого экранирования для ограничения удалённого доступа к уязвимой системе;
- сегментирование сети с целью ограничения доступа к уязвимой системе из других подсетей;
- использование систем обнаружения и предотвращения вторжений для обнаружения (выявления, регистрации) и реагирования на попытки эксплуатации уязвимости;
- использование виртуальных частных сетей для организации удаленного доступа (VPN);
- ограничение доступа к уязвимой системе из внешних сетей (Интернет).
Использование рекомендаций:
https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Mailion:
Обовление программного обеспечения до версии 2.3.3G или выше
Reference
https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539
https://github.com/dwisiswant0/CVE-2025-49844
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Redis Labs, \u041e\u041e\u041e \u00ab\u041d\u043e\u0432\u044b\u0435 \u041e\u0431\u043b\u0430\u0447\u043d\u044b\u0435 \u0422\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 8.2.2 (Redis), 2.3 (Mailion)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432. \u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u043f\u0438\u0441\u043a\u0430 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434 EVAL \u0438 EVALSHA;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0441 \u0446\u0435\u043b\u044c\u044e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f (\u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f, \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438) \u0438 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN);\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Mailion:\n\u041e\u0431\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.3.3G \u0438\u043b\u0438 \u0432\u044b\u0448\u0435",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.10.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.12.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.10.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-12553",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-49844",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Redis, Mailion (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211612707)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 (\u0421\u0423\u0411\u0414) Redis, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 (\u0421\u0423\u0411\u0414) Redis \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539\n\nhttps://github.com/dwisiswant0/CVE-2025-49844\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,9)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…