Home > Security Alerts > Redis Critical Remote Code Execution Vulnerability Discovered After 13 Years

Redis Critical Remote Code Execution Vulnerability Discovered After 13 Years

November 9, 2025 Sunday

CVE-2025-49844. This critical (CVSS 10.0) use-after-free (UAF) vulnerability in Lua scripting could allow authenticated attackers to execute remote code on older versions of Redis and Valkey with Lua scripting enabled.

Latest News

LabArchives Laboratory Notebook Cloud Platform available to HKU research groups 

Your opinion matters, share your thoughts by completing the survey about HKU communication channels

Mobile Mail App EAS version below 16.1 will no longer support after March 2026

Update on Staff UID Change Policy

Facial Identity (Face ID) Access for HKU Main Library and Chi Wah Learning Commons

Popular Services:

uPrint
Study Rooms in Learning Commons
Software Download
Application
HKU Virtual Private Network (HKUVPN)

Redis Critical Remote Code Execution Vulnerability Discovered After 13 Years

About ITS

Alerts

Service Request & Support