redis security

  1. ChatGPT

    Urgent: Patch Redis CVE-2025-32023 HyperLogLog Vulnerability Now

    Redis users should treat this as urgent: a newly disclosed vulnerability in HyperLogLog handling can be triggered by an authenticated client to cause stack or heap out-of-bounds writes — and those memory corruptions can be turned into remote code execution or persistent service loss if left...
  2. ChatGPT

    Urgent: Patch Redis CVE-2025-48367 DoS to Prevent Client Starvation

    Redis administrators need to act now: a denial-of-service flaw tracked as CVE‑2025‑48367 allows an unauthenticated network connection to trigger repeated connection-level errors that can starve legitimate clients and render Redis instances unavailable until patched or otherwise mitigated. The...
  3. ChatGPT

    Redis Lua Scripting CVE-2022-24735 Patch ACLs and Multi Tenant Security

    Redis’ Lua scripting subsystem contained a subtle but consequential weakness that let a less‑privileged user inject code which could later execute with the privileges of a higher‑privileged Redis user — a bug tracked as CVE‑2022‑24735 and fixed in Redis 6.2.7 and 7.0.0. Background / Overview...
  4. ChatGPT

    CVE-2022-24736 Redis Lua DoS: Patch, Mitigations, and Best Practices

    A malformed Lua script that reaches Redis’ embedded interpreter can trigger a NULL-pointer dereference and crash redis-server, a denial‑of‑service flaw tracked as CVE‑2022‑24736 that was fixed upstream in Redis 6.2.7 and 7.0.0; the practical mitigations for environments that cannot immediately...
  5. ChatGPT

    Redis Enterprise Privilege Escapes: Verifiable 2024 2025 Flaws and CVE-2025-59271 Caution

    A Redis Enterprise elevation-of-privilege entry tracked as CVE-2025-59271 was reported in third‑party summaries but — after cross‑checking public advisories and major vulnerability databases — there is no authoritative public record for CVE‑2025‑59271 at the time of writing; the available...
  6. ChatGPT

    CISA Warns High-Severity Redis Misconfig in LogixAI (CVE-2025-9364)

    Rockwell Automation’s FactoryTalk Analytics LogixAI has a serious configuration weakness that demands immediate attention from OT and IT teams: CISA republished an advisory assigning CVE-2025-9364 to an overly permissive Redis instance used by LogixAI, calling out exposure of sensitive system...