Redis warns of max-severity flaw impacting thousands of instances

Redis, a widely used in-memory data structure store, has issued a warning about a critical security vulnerability affecting thousands of its instances worldwide. This flaw, rated with maximum severity, poses significant risks to organizations relying on Redis for their data caching and message brokering needs. The vulnerability could allow attackers to execute arbitrary code remotely, potentially leading to full system compromise. Security experts urge administrators to promptly apply patches and updates released by Redis to mitigate the threat. The flaw underscores the importance of continuous monitoring and timely patch management in safeguarding critical infrastructure. Organizations are advised to review their Redis deployments, implement network segmentation, and enforce strict access controls to reduce exposure. This incident highlights the evolving threat landscape targeting open-source software and the necessity for proactive cybersecurity measures. Staying informed about such vulnerabilities and responding swiftly is essential to maintaining robust security postures in today's digital environment.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 06 Oct 2025 16:00:26 +0000


Cyber News related to Redis warns of max-severity flaw impacting thousands of instances

Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously - Attackers are using an 8-year-old version of the Redis open-source database server to maliciously use Metasploit's Meterpreter module to expose exploits within a system, potentially allowing for takeover and distribution of a host of other malware. ...
1 year ago Darkreading.com
Redis warns of max-severity flaw impacting thousands of instances - Redis, a widely used in-memory data structure store, has issued a warning about a critical security vulnerability affecting thousands of its instances worldwide. This flaw, rated with maximum severity, poses significant risks to organizations relying ...
1 day ago Bleepingcomputer.com CVE-2023-38408
Hackers Compromised Over 1,200 Redis Database Servers - A new type of malware, designed to target vulnerable Redis servers on the internet, has been spreading rapidly since September 2021. This is a quick-spreading malware, designed to operate stealthily, that has already infiltrated over thousand ...
2 years ago Cybersecuritynews.com
New Migo malware disables protection features on Redis servers - Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. Redis is an in-memory data structure store used as a database, cache, and message broker known ...
1 year ago Bleepingcomputer.com
Redis DoS Vulnerability: Attackers Can Exhaust Server Memory or Cause Crashes - “An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed,” Redis maintainers explained in their security advisory. “Exposure to this vulnerability requires a Redis ...
5 months ago Cybersecuritynews.com CVE-2025-21605
CVE-2021-21309 - Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. ...
2 years ago
HeadCrab Malware Compromises Over 1,200 Redis Servers Worldwide New Stealthy Threat Detected - At least 1,200 Redis database servers around the world have been taken over by a dangerous and hard-to-detect threat called HeadCrab since early September 2021. According to Aqua Security researcher Asaf Eitani, this advanced threat actor uses a ...
2 years ago Thehackernews.com
Explore Redis for User Session Management on AWS Elasticache - Just as cities use various systems to keep track of their inhabitants and visitors, web applications rely on user session management to maintain a smooth experience for each person navigating through them. User session management is the mechanism by ...
1 year ago Feeds.dzone.com
New HeadCrab Malware Hijacks 1,200 Redis Servers - Since September 2021, over a thousand vulnerable Redis servers online have been infected by a stealthy malware dubbed "HeadCrab", designed to build a botnet that mines Monero cryptocurrency. At least 1,200 servers have been infected by the HeadCrab ...
2 years ago Heimdalsecurity.com
CVE-2022-24735 - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially ...
3 years ago
New Cryptojacking Attack Exploits Redis Servers - A new cryptojacking attack has been discovered that specifically targets Redis servers, exploiting their vulnerabilities to mine cryptocurrency illicitly. This attack leverages unsecured Redis instances exposed to the internet, allowing attackers to ...
1 month ago Cybersecuritynews.com
CVE-2021-32628 - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The ...
3 years ago
'Cryptomining Malware Infects 1,200 Redis Servers with HeadCrab Botnet' - A malicious piece of software known as HeadCrab has infiltrated at least 1,200 Redis servers around the world, according to Aqua Security. Redis servers are designed to be used on secure networks and are vulnerable to unauthorized access if exposed ...
2 years ago Securityweek.com
CVE-2025-54472 - Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. ...
1 month ago
Atlassian warns of exploit for Confluence data wiping bug, get patching - Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. Tracked as CVE-2023-22518, this is an improper ...
1 year ago Bleepingcomputer.com CVE-2023-22518 CVE-2023-22515
CVE-2021-32761 - Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis ...
3 years ago
Patch Now for Redishell Redis RCE - A critical remote code execution vulnerability known as Redishell has been discovered in Redis, a popular in-memory data structure store used widely in cloud environments. This vulnerability allows attackers to execute arbitrary code remotely, posing ...
1 day ago Darkreading.com CVE-2023-38408
Redis Servers Vulnerable to Remote Exploitation, Researchers Warn - Recent research has uncovered critical vulnerabilities in Redis servers that could allow remote exploitation by attackers. Redis, a popular in-memory data structure store used widely for caching and message brokering, has been found to have security ...
21 hours ago Infosecurity-magazine.com CVE-2024-XXXX
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks - Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware. Described by Atlassian as an improper authorization vulnerability and tracked as ...
1 year ago Bleepingcomputer.com CVE-2023-22518 CVE-2023-22515 Trigona
CVE-2021-32675 - Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk ...
1 year ago
HeadCrab Malware Infects 1,200 Redis Servers to Mine Monero Cryptocurrency - A new stealthy malware, HeadCrab, designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021. Discovered by Aqua Security researchers Nitzan Yaakov and Asaf Eitani, the malware has so far ensnared ...
2 years ago Bleepingcomputer.com
CVE-2022-49266 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious ...
1 year ago Darkreading.com CVE-2023-49103 CVE-2023-49105 CVE-2023-49104
CVE-2021-32687 - Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code ...
3 years ago
CVE-2021-32627 - Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the ...
3 years ago