CyberSecurityBoard
Sponsor Register Login

Redis Servers Vulnerable to Remote Exploitation, Researchers Warn

Recent research has uncovered critical vulnerabilities in Redis servers that could allow remote exploitation by attackers. Redis, a popular in-memory data structure store used widely for caching and message brokering, has been found to have security flaws that expose it to unauthorized access and control. These vulnerabilities could enable attackers to execute arbitrary code, steal sensitive data, or disrupt services by exploiting misconfigurations or inherent weaknesses in Redis server setups. The findings emphasize the importance of securing Redis instances by applying patches, restricting network access, and following best security practices. Organizations relying on Redis are urged to audit their deployments, update software versions, and implement robust monitoring to detect and prevent exploitation attempts. This development highlights the ongoing challenges in securing open-source infrastructure components and the critical need for proactive cybersecurity measures to protect enterprise environments from emerging threats.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Tue, 07 Oct 2025 15:05:03 +0000


Cyber News related to Redis Servers Vulnerable to Remote Exploitation, Researchers Warn

Hackers Compromised Over 1,200 Redis Database Servers - A new type of malware, designed to target vulnerable Redis servers on the internet, has been spreading rapidly since September 2021. This is a quick-spreading malware, designed to operate stealthily, that has already infiltrated over thousand ...
2 years ago Cybersecuritynews.com
Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously - Attackers are using an 8-year-old version of the Redis open-source database server to maliciously use Metasploit's Meterpreter module to expose exploits within a system, potentially allowing for takeover and distribution of a host of other malware. ...
1 year ago Darkreading.com
New HeadCrab Malware Hijacks 1,200 Redis Servers - Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed "HeadCrab", designed to build a botnet that mines Monero cryptocurrency. At least 1,200 servers have been infected by the HeadCrab ...
2 years ago Heimdalsecurity.com
New Migo malware disables protection features on Redis servers - Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. Redis is an in-memory data structure store used as a database, cache, and message broker known ...
1 year ago Bleepingcomputer.com
HeadCrab Malware Compromises Over 1,200 Redis Servers Worldwide New Stealthy Threat Detected - At least 1,200 Redis database servers around the world have been taken over by a dangerous and hard-to-detect threat called HeadCrab since early September 2021. According to Aqua Security researcher Asaf Eitani, this advanced threat actor uses a ...
2 years ago Thehackernews.com
HeadCrab Malware Infects 1,200 Redis Servers to Mine Monero Cryptocurrency - A new stealthy malware, HeadCrab, designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021. Discovered by Aqua Security researchers Nitzan Yaakov and Asaf Eitani, the malware has so far ensnared ...
2 years ago Bleepingcomputer.com
Redis DoS Vulnerability: Attackers Can Exhaust Server Memory or Cause Crashes - “An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed,” Redis maintainers explained in their security advisory. “Exposure to this vulnerability requires a Redis ...
5 months ago Cybersecuritynews.com CVE-2025-21605
'Cryptomining Malware Infects 1,200 Redis Servers with HeadCrab Botnet' - A malicious piece of software known as HeadCrab has infiltrated at least 1,200 Redis servers around the world, according to Aqua Security. Redis servers are designed to be used on secure networks and are vulnerable to unauthorized access if exposed ...
2 years ago Securityweek.com
CVE-2021-21309 - Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. ...
2 years ago
Explore Redis for User Session Management on AWS Elasticache - Just as cities use various systems to keep track of their inhabitants and visitors, web applications rely on user session management to maintain a smooth experience for each person navigating through them. User session management is the mechanism by ...
1 year ago Feeds.dzone.com
New Cryptojacking Attack Exploits Redis Servers - A new cryptojacking attack has been discovered that specifically targets Redis servers, exploiting their vulnerabilities to mine cryptocurrency illicitly. This attack leverages unsecured Redis instances exposed to the internet, allowing attackers to ...
1 month ago Cybersecuritynews.com
Redis Servers Vulnerable to Remote Exploitation, Researchers Warn - Recent research has uncovered critical vulnerabilities in Redis servers that could allow remote exploitation by attackers. Redis, a popular in-memory data structure store used widely for caching and message brokering, has been found to have security ...
18 hours ago Infosecurity-magazine.com CVE-2024-XXXX
CVE-2022-24735 - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially ...
3 years ago
'HeadCrab' Malware Variants Commandeer Thousands of Servers - BLACK HAT EUROPE 2023 - London - The HeadCrab malware, which adds infected devices to a botnet for use in cryptomining and other attacks, has resurfaced with a shiny new variant that allows root access to Redis open source servers. Researchers from ...
1 year ago Darkreading.com
CVE-2025-54472 - Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. ...
1 month ago
Stealthier version of P2Pinfect malware targets MIPS devices - The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, ...
1 year ago Bleepingcomputer.com CVE-2022-0543
Researchers extract RSA keys from SSH server signing errors - A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH ...
1 year ago Bleepingcomputer.com
Patch Now for Redishell Redis RCE - A critical remote code execution vulnerability known as Redishell has been discovered in Redis, a popular in-memory data structure store used widely in cloud environments. This vulnerability allows attackers to execute arbitrary code remotely, posing ...
23 hours ago Darkreading.com CVE-2023-38408
P2PInfect Botnet Is Now Targeting MIPS-Based IoT Devices - The operator behind the growing P2PInfect botnet is turning their focus to Internet of Things and routers running the MIPS chip architecture, expanding their list of targets and offering more evidence that the malware is an experienced threat actor. ...
1 year ago Securityboulevard.com
CVE-2021-32675 - Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk ...
1 year ago
Linux Malware Campaign "Migo" Targets Redis For Cryptomining - Security researchers have uncovered a sophisticated malware campaign targeting Redis, a popular data store system. In particular, Cado Security Labs researchers observed that Migo utilizes new Redis system weakening commands to exploit the data store ...
1 year ago Infosecurity-magazine.com
MIPS chips targeted by new P2Pinfect malware in Redis server and IoT-based attacks - A new variant of P2Pinfect has been observed targeting embedded IoT devices based on 32-bit MIPS processors, malware that aims to bruteforce Secure Shell access to these devices. Written in Rust, the P2Pinfect malware acts as a botnet agent, ...
1 year ago Packetstormsecurity.com
CVE-2021-32762 - Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a ...
3 years ago
Rust-Based Botnet P2Pinfect Targets MIPS Architecture - The cross-platform botnet known as P2Pinfect has been observed taking a significant leap in sophistication. Since its emergence in July 2023, this Rust-based malware has been on the radar for its rapid expansion, according to a new advisory published ...
1 year ago Infosecurity-magazine.com
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
1 year ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)