Redis Server Vulnerability

Cyber Security News by CyberSum.net

Published on October 6, 2025 at 12:00 PM

3 sources

A critical security vulnerability has been discovered in Redis Server, allowing authenticated attackers to achieve remote code execution through a use-after-free flaw in the Lua scripting engine, with the vulnerability affecting all versions of Redis that support Lua scripting functionality and having a CVSS score of 10.0.

Also Read

Spear-Phishing Campaign Targets Automobile and E-commerce Industries

Researchers at SEQRITE Labs have uncovered a targeted spear-phishing campaign aimed at organizations in the automobile and e-commerce industries. The operation, active since early October 2025, deploys a previously undocumented .NET-based backdoor dubbed CAPI, designed for credential theft, system reconnaissance, and persistent access. The attack chain uses tax-related decoy documents to lure employees and executes the payload through rundll32.exe, a legitimate Windows binary, to evade detection. The infection begins with a malicious ZIP archive named Payroll Recalculation as of October 1, 2025. Inside the ZIP, analysts found both LNK and PDF files, a common spear-phishing tactic to disguise executable payloads as legitimate business documents.

By Cyber Security News by CyberSum.netOctober 20, 2025 at 06:00 AM