Critical Vulnerability in Redis
8 October 2025
Redis has released security updates addressing a critical vulnerability in their database platform. Users and administrators of affected product versions are strongly advised to update to the latest versions immediately.
Background
Redis has released security updates addressing a critical vulnerability (CVE-2025-49844) in their database platform. This vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.9 out of 10.
Impact
Successful exploitation allows an authenticated attacker to upload maliciously crafted scripts and perform remote code execution.
Affected Products
The vulnerability affects the following products:
Redis Software versions prior to 7.22.2-12, 7.8.6-207, 7.4.6-272, 7.2.4-138 and 6.4.2-131
Redis OSS/CE versions prior to 8.2.2, 8.0.4, 7.4.6 and 7.2.11
Redis Stack versions prior to 7.4.0-v7 and 7.2.0-v19
Mitigation
Users and administrators of affected product versions are strongly advised to update to the latest versions immediately.
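To triage which Redis OSS/CE instances still need the update, the version reported in the `redis_version` field of the `INFO server` output can be compared with the fixed releases listed under Affected Products. The script below is an added example, not code from this advisory or from Redis; the host names and sample output are constructed, and the handling of branches without a listed fix is an assumption noted in the code. It covers the OSS/CE list only.

```python
import re

# Fixed Redis OSS/CE releases per branch, taken from the Affected Products list.
FIXED_OSS = {(8, 2): (8, 2, 2), (8, 0): (8, 0, 4), (7, 4): (7, 4, 6), (7, 2): (7, 2, 11)}

def parse_version(info_text):
    """Extract redis_version from the text returned by the INFO server command."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)\s*$", info_text, re.MULTILINE)
    if not m:
        raise ValueError("no redis_version field found")
    return tuple(int(part) for part in m.groups())

def is_affected(version):
    """True if an OSS/CE version is prior to the fixed release for its branch.

    Assumption: a branch with no listed fix (for example 7.0 or 6.2) counts as
    affected unless it is newer than the highest fixed release.
    """
    fixed = FIXED_OSS.get(version[:2])
    if fixed is not None:
        return version < fixed
    return version < max(FIXED_OSS.values())

def triage(inventory):
    """Map host -> (version, affected) for a dict of host -> INFO text.

    affected is None when the version could not be read and needs manual review.
    """
    report = {}
    for host, info_text in inventory.items():
        try:
            version = parse_version(info_text)
        except ValueError:
            report[host] = ("unknown", None)
            continue
        report[host] = (".".join(map(str, version)), is_affected(version))
    return report

# Constructed sample INFO output; the host names are hypothetical.
SAMPLE = {
    "cache-a": "# Server\r\nredis_version:7.2.10\r\nredis_mode:standalone\r\n",
    "cache-b": "# Server\r\nredis_version:8.2.2\r\nredis_mode:standalone\r\n",
    "cache-c": "# Server\r\nredis_version:7.0.15\r\nredis_mode:cluster\r\n",
    "cache-d": "-NOAUTH Authentication required.\r\n",
}

if __name__ == "__main__":
    for host, (ver, affected) in sorted(triage(SAMPLE).items()):
        status = {True: "UPDATE REQUIRED", False: "patched", None: "REVIEW"}[affected]
        print(f"{host}: {ver} {status}")
```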
References
https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q
https://redis.io/blog/security-advisory-cve-2025-49844/
https://nvd.nist.gov/vuln/detail/CVE-2025-49844
https://www.infosecurity-magazine.com/news/redis-servers-remote-exploitation/