Tag Archives: Redis

November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux

Leave a reply

November In the Trend of VM (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux

November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux. The usual monthly roundup. After several months, here’s a big one. 🔥

🗞 Post on Habr (rus)
🗞 Post on SecurityLab (rus)
🗒 Digest on the PT website (rus)

A total of nine vulnerabilities:

🔻 RCE – Windows Server Update Services (WSUS) (CVE-2025-59287)
🔻 RCE – Microsoft SharePoint “ToolShell” (CVE-2025-49704)
🔻 RCE – Windows LNK File (CVE-2025-9491)
🔻 EoP – Windows Remote Access Connection Manager (CVE-2025-59230)
🔻 EoP – Windows Agere Modem Driver (CVE-2025-24990)
🔻 RCE – Redis “RediShell” (CVE-2025-49844)
🔻 RCE – XWiki Platform (CVE-2025-24893)
🔻 XSS – Zimbra Collaboration (CVE-2025-27915)
🔻 EoP – Linux Kernel (CVE-2025-38001)

🟥 Trending Vulnerabilities Portal

На русском

About Remote Code Execution – Redis “RediShell” (CVE-2025-49844) vulnerability

Leave a reply

About Remote Code Execution - Redis RediShell (CVE-2025-49844) vulnerability

About Remote Code Execution – Redis “RediShell” (CVE-2025-49844) vulnerability. Redis is a popular in-memory key–value database, used as a distributed cache and message broker, with optional durability. This vulnerability allows a remote authenticated attacker to execute arbitrary code via a specially crafted Lua script. The requirement for authentication does not reduce its severity, because authentication in Redis is disabled by default and is often not used. 🤷‍♂️

⚙️ The vulnerability was discovered by Wiz researchers and presented at Pwn2Own Berlin in May of this year; it was fixed on October 3 (version 8.2.2).

🛠 As of October 7, a public exploit for the vulnerability is available on GitHub.

👾 There are no reports of attacks so far.

🌐 As of October 7, 330,000 Redis instances were accessible on the Internet, of which 60,000 had no authentication.

На русском

October Linux Patch Wednesday

Leave a reply

October Linux Patch Wednesday

October Linux Patch Wednesday. In October, Linux vendors began addressing 801 vulnerabilities, slightly more than in September. Of these, 546 are in the Linux Kernel. One is being exploited in the wild:

🔻 EoP – VMware Tools (CVE-2025-41244). This vulnerability has been exploited since October 2024, and public exploits are available. According to the description, exploitation requires VMware Aria Operations.

Public or suspected exploits exist for 39 more vulnerabilities, including:

🔸 RCE – Redis (CVE-2025-49844 – RediShell, CVE-2025-46817), OpenSSH (CVE-2025-61984), 7-Zip (CVE-2025-11001, CVE-2025-11002)
🔸 EoP – FreeIPA (CVE-2025-7493), Asterisk (CVE-2025-1131)
🔸 SQLi – MapServer (CVE-2025-59431)
🔸 SFB – authlib (CVE-2025-59420)
🔸 MemCor – Binutils (CVE-2025-11082 and 7 more), Open Babel (CVE-2025-10995 and 6 more)

🗒 Full Vulristics report

На русском

July Linux Patch Wednesday

1 Reply

July Linux Patch Wednesday

July Linux Patch Wednesday. This time, there are 470 vulnerabilities, slightly fewer than in June. Of these, 291 are in the Linux Kernel. One vulnerability shows signs of being exploited in the wild (CISA KEV):

🔻 SFB – Chromium (CVE-2025-6554)

There are also 36 (❗️) vulnerabilities for which public exploits are available or suspected to exist. Notable among them:

🔸 RCE – Redis (CVE-2025-32023), pgAdmin (CVE-2024-3116), Git (CVE-2025-48384)
🔸 EoP – Sudo (CVE-2025-32462, CVE-2025-32463)
🔸 PathTrav – Tar (CVE-2025-45582)
🔸 XSS – jQuery (CVE-2012-6708)
🔸 SFB – PHP (CVE-2025-1220)
🔸 DoS – LuaJIT (CVE-2024-25177), Linux Kernel (CVE-2025-38089)
🔸 MemCor – DjVuLibre (CVE-2025-53367)

🗒 Full Vulristics report

На русском