Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Ubuntu 25.10: Critical Remote Code Execution Vulnerability USN-7824-1

ubuntu
Calendar Grey October 16, 2025
Dist Ubuntu Esm H88
Redis may crash or run unintended programs due to crafted traffic, posing a threat to user security. Update advised.
Redis could be made to crash or run programs if it received specially crafted network traffic from an authenticated user.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Redis could be made to crash or run programs if it received specially crafted network traffic from an authenticated user. Software Description: - redis: Persistent key-value database with network interface Details: Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Redis server.

Topics%20covered

Topics Covered

security advisory remote code execution Ubuntu important network attack redis

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 redis 5:8.0.2-3ubuntu0.25.10.1 redis-sentinel 5:8.0.2-3ubuntu0.25.10.1 redis-server 5:8.0.2-3ubuntu0.25.10.1 redis-tools 5:8.0.2-3ubuntu0.25.10.1 Ubuntu 25.04 redis 5:7.0.15-3ubuntu0.1 redis-sentinel 5:7.0.15-3ubuntu0.1 redis-server 5:7.0.15-3ubuntu0.1 redis-tools 5:7.0.15-3ubuntu0.1 Ubuntu 24.04 LTS redis 5:7.0.15-1ubuntu0.24.04.2 redis-sentinel 5:7.0.15-1ubuntu0.24.04.2 redis-server 5:7.0.15-1ubuntu0.24.04.2 redis-tools 5:7.0.15-1ubuntu0.24.04.2 Ubuntu 20.04 LTS redis 5:5.0.7-2ubuntu0.1+esm4 Available with Ubuntu Pro redis-sentinel 5:5.0.7-2ubuntu0.1+esm4 Available with Ubuntu Pro redis-server 5:5.0.7-2ubuntu0.1+esm4 Available with Ubuntu Pro redis-tools 5:5.0.7-2ubuntu0.1+esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS redis 5:4.0.9-1ubuntu0.2+esm6 Available with Ubuntu Pro redis-sentinel 5:4.0.9-1ubuntu0.2+esm6 Available with Ubuntu Pro redis-server 5:4.0.9-1ubuntu0.2+esm6 Available with Ubuntu Pro redis-tools 5:4.0.9-1ubuntu0.2+esm6 Available with Ubuntu Pro Ubuntu 16.04 LTS redis-sentinel 2:3.0.6-1ubuntu0.4+esm4 Available with Ubuntu Pro redis-server 2:3.0.6-1ubuntu0.4+esm4 Available with Ubuntu Pro redis-tools 2:3.0.6-1ubuntu0.4+esm4 Available with Ubuntu Pro Ubuntu 14.04 LTS redis-server 2:2.8.4-2ubuntu0.2+esm5 Available with Ubuntu Pro redis-tools 2:2.8.4-2ubuntu0.2+esm5 Available with Ubuntu Pro After a standard system update you need to restart Redis to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7824-1

CVE-2025-49844

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7824-1

Topics%20covered

Topics Covered

security advisory remote code execution Ubuntu important network attack redis

Package Information

https://launchpad.net/ubuntu/+source/redis/5:8.0.2-3ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/redis/5:7.0.15-3ubuntu0.1 https://launchpad.net/ubuntu/+source/redis/5:7.0.15-1ubuntu0.24.04.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here