Redis is the world's fastest data platform. We provide cloud and on-prem solutions for caching, vector search, and more that seamlessly fit into any tech stack. With fast setup and fast support, we make it simple for digital customers to build, scale, and deploy the fast apps our world runs on.

Redis A.I CyberSecurity Scoring

Redis

Company Details

LinkedIn ID: redisinc

Employees number: 1,399

Number of followers: 282,055

NAICS: 5112

Industry Type: Software Development

Homepage: redis.io

IP Addresses: 0

Company ID: RED_2235136

Scan Status: In-progress

Redis Risk Score (AI oriented): Between 750 and 799

Redis Company CyberSecurity News & History

Past Incidents: 2

Attack Types: 1
Redis
Vulnerability
Severity: 100
Impact: 5
Seen: 6/2025
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack threatening the organization's existence

Description: Redis disclosed CVE-2025-49844 (RediShell), a critical CVSS 10.0 vulnerability in its in-memory database software, allowing authenticated attackers to exploit a use-after-free (UAF) memory corruption bug via malicious Lua scripts. This flaw, present for 13 years, enables remote code execution (RCE), granting full host system access. Attackers could steal credentials, exfiltrate sensitive data, deploy malware (e.g., ransomware), or pivot to other cloud services. The vulnerability affects all Redis versions prior to 6.2.20, 7.2.11, 7.4.6, 8.0.4, and 8.2.2, with ~330,000 exposed instances globally, including 60,000 unprotected by authentication. While no in-the-wild exploitation is confirmed, Redis instances are prime targets for cryptojacking, botnet recruitment, and data breaches. Immediate mitigation requires patching, restricting Lua script execution via ACLs, and enforcing strong authentication. Failure to act risks large-scale data theft, system hijacking, or lateral movement across cloud environments, posing severe operational and reputational damage.

Redis
Vulnerability
Severity: 100
Impact: 5
Seen: 6/2012
Blog:
Supply Chain Source: NA
Rankiteo Explanation
Attack threatening the organization’s existence

Description: Redis, the company behind the widely used in-memory data store, disclosed a critical vulnerability (CVE-2025-49844, dubbed RediShell) allowing attackers to escape the Lua sandbox and execute arbitrary native code on the host system via a use-after-free memory corruption bug. The flaw, present since 2012, affects Redis versions with Lua scripting (v8.2.1 and earlier). Worse, 57% of cloud Redis deployments use default container images with authentication disabled, exposing ~60,000 internet-facing instances globally to remote code execution (RCE) risks. Exploitation could lead to persistent access, cryptomining, data exfiltration (Redis/host), credential theft (e.g., IAM tokens for lateral cloud movement), and full system compromise. German authorities warned of imminent attacks due to the flaw’s simplicity and Redis’ ubiquity. Patches are available, but unpatched systems remain at severe risk of complete takeover, especially if exposed without authentication or proper ACLs.

Underwriter Stats for Redis

Incidents vs Software Development Industry Average (This Year)

No incidents recorded for Redis in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Redis in 2026.

Incident Types Redis vs Software Development Industry Avg (This Year)

No incidents recorded for Redis in 2026.

Incident History — Redis (X = Date, Y = Severity)

Redis cyber incidents detection timeline including parent company and subsidiaries

Redis Similar Companies

Baidu, Inc.

Baidu is a leading AI company with strong Internet foundation, driven by our mission to “make the complicated world simpler through technology”. Founded in 2000 as a search engine platform, we were an early adopter of artificial intelligence in 2010. Since then, we have established a full AI stack,

Airbnb

Airbnb was born in 2007 when two hosts welcomed three guests to their San Francisco home, and has since grown to over 5 million hosts who have welcomed over 2 billion guest arrivals in almost every country across the globe. Every day, hosts offer unique stays, experiences and services that make it p

Broadcom's VMware software manages cloud complexity so customers can modernize infrastructure, accelerate app development, and protect workloads, wherever these reside. Our flagship cloud solutions provide the security and performance of private cloud combined with the scale and agility of public c

Cox Automotive Inc.

Cox Automotive is the world’s largest automotive services and technology provider. Fueled by the largest breadth of first-party data fed by 2.3 billion online interactions a year, Cox Automotive tailors leading solutions for car shoppers, auto manufacturers, dealers, lenders and fleets. The company

At Sage, we knock down barriers with information, insights, and tools to help your business flow. We provide businesses with software and services that are simple and easy to use, as we work with you to give you that feeling of confidence. Customers trust our Payroll, HR, and Finance software to m

Rakuten

Rakuten Group, Inc. (TSE: 4755) is a global technology leader in services that empower individuals, communities, businesses and society. Founded in Tokyo in 1997 as an online marketplace, Rakuten has expanded to offer services in e-commerce, fintech, digital content and communications to 2 billion m

Shopify

Shopify is a leading global commerce company, providing trusted tools to start, grow, market, and manage a retail business of any size. Shopify makes commerce better for everyone with a platform and services that are engineered for reliability, while delivering a better shopping experience for consu

Bosch USA

The Bosch Group’s strategic objective is to create solutions for a connected life. Bosch improves quality of life worldwide with innovative products and services that are "Invented for life"​ and spark enthusiasm. Podcast: http://bit.ly/beyondbosch Imprint: https://www.bosch.us/corporate-informatio

NiCE is transforming the world with AI that puts people first. Our purpose-built AI-powered platforms automate engagements into proactive, safe, intelligent actions, empowering individuals and organizations to innovate and act, from interaction to resolution. Trusted by organizations throughout 150

Redis CyberSecurity News

January 17, 2026 03:27 PM
JFrog Researchers Uncover RCE Exploit for Existing Redis Database Vulnerability

JFrog highlights a serious Redis vulnerability (CVE-2025-62507) at risk for RCE, urging immediate patching for enhanced security.

November 02, 2025 07:00 AM
Implementing AI in the SOC: Lessons Learned from Redis

Redis slashes SOC investigation times using Prophet AI while maintaining transparency and human oversight.

October 30, 2025 07:00 AM
RediShell RCE Vulnerability Exposes 8,500+ Redis Instances to Code Execution Attacks

The cybersecurity landscape faced a critical threat in early October 2025 with the public disclosure of RediShell, a severe use-after-free...

October 27, 2025 07:00 AM
It Looks Like Telegram, It Texts Like Telegram, But It’s Not Telegram

A Redis-powered Android backdoor posing as Telegram X infects 58000 devices, stealing messages, tokens, and data in a sophisticated global...

October 24, 2025 07:00 AM
Baohuo Android Malware Hijacks Telegram Accounts via Fake Telegram X

A new Android threat is spreading fast through fake versions of Telegram X, giving attackers complete control over users' accounts.

October 13, 2025 07:00 AM
Redis Critical Vulnerability Exposes over 60,000 Instances to RCE and Host Take Over

Security researchers at Wiz Research have discovered a critical vulnerability in the Redis in-memory database that could allow an attacker...

October 08, 2025 07:00 AM
Critical Redis Bug Threatens Global Cloud Security

A Redis flaw, CVE-2025-49844, exposes 75% of cloud systems to remote code execution, data theft, and full system compromise.

October 08, 2025 07:00 AM
Critical Vulnerability in Redis

Redis has released security updates addressing a critical vulnerability (CVE-2025-49844) in their database platform. This vulnerability has a...

October 08, 2025 07:00 AM
Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution

Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via use-after-free. Attackers need authenticated access to exploit it.

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Redis CyberSecurity History Information

Official Website of Redis

The official website of Redis is http://redis.io.

Redis’s AI-Generated Cybersecurity Score

According to Rankiteo, Redis’s AI-generated cybersecurity score is 765, reflecting their Fair security posture.

How many security badges does Redis have ?

According to Rankiteo, Redis currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Redis been affected by any supply chain cyber incidents ?

According to Rankiteo, Redis has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Redis have SOC 2 Type 1 certification ?

According to Rankiteo, Redis is not certified under SOC 2 Type 1.

Does Redis have SOC 2 Type 2 certification ?

According to Rankiteo, Redis does not hold a SOC 2 Type 2 certification.

Does Redis comply with GDPR ?

According to Rankiteo, Redis is not listed as GDPR compliant.

Does Redis have PCI DSS certification ?

According to Rankiteo, Redis does not currently maintain PCI DSS compliance.

Does Redis comply with HIPAA ?

According to Rankiteo, Redis is not compliant with HIPAA regulations.

Does Redis have ISO 27001 certification ?

According to Rankiteo, Redis is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Redis

Redis operates primarily in the Software Development industry.

Number of Employees at Redis

Redis employs approximately 1,399 people worldwide.

Subsidiaries Owned by Redis

Redis presently has no subsidiaries across any sectors.

Redis’s LinkedIn Followers

Redis’s official LinkedIn profile has approximately 282,055 followers.

NAICS Classification of Redis

Redis is classified under the NAICS code 5112, which corresponds to Software Publishers.

Redis’s Presence on Crunchbase

Yes, Redis has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/redis.

Redis’s Presence on LinkedIn

Yes, Redis maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/redisinc.

Cybersecurity Incidents Involving Redis

As of January 21, 2026, Rankiteo reports that Redis has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Redis has an estimated 28,125 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Redis ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

How does Redis detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through the following measures.

Third-Party Assistance: Wiz (discovery and reporting); Wiz Research (discovery/reporting)

Containment Measures: released patched versions (6.2.20, 7.2.11, 7.4.6, 8.0.4, 8.2.2); advisory published on GitHub; public disclosure with mitigation guidance; patch deployment (see fixed versions); disabling Lua scripting via ACL restrictions on EVAL/EVALSHA commands; network segmentation

Remediation Measures: apply patches to affected Redis versions; restrict EVAL and EVALSHA commands via ACL; limit Lua script execution to trusted identities; avoid exposing Redis instances to the internet; enforce strong authentication; enable authentication (default disabled in official container images); disable unnecessary Redis commands; run Redis as non-root user; activate logging/monitoring; implement network-level access controls; restrict Redis access to authorized networks

Communication Strategy: GitHub advisory; public disclosure via media; vendor notifications; public advisory by Redis; alert by German BSI; Wiz Research blog post (technical details withheld temporarily)

Network Segmentation: recommended as mitigation

Enhanced Monitoring: recommended for Redis instances (Redis logging activation)

Incident Details

Can you provide details on each incident ?

Incident : Vulnerability Disclosure

Title: Critical Redis 'RediShell' Vulnerability (CVE-2025-49844) Enables Remote Code Execution

Description: Redis disclosed a maximum-severity security flaw (CVE-2025-49844, aka RediShell) in its in-memory database software, allowing remote code execution via a specially crafted Lua script. The vulnerability, assigned a CVSS score of 10.0, exists in all Redis versions with Lua scripting and requires authenticated access for exploitation. It was discovered by Wiz and patched in versions 6.2.20, 7.2.11, 7.4.6, 8.0.4, and 8.2.2 (released October 3, 2025). The flaw, a 13-year-old use-after-free (UAF) memory corruption bug, permits attackers to escape the Lua sandbox, execute arbitrary native code, and gain full host system access. While no wild exploitation is confirmed, the vulnerability poses a significant threat due to ~330,000 exposed Redis instances globally, with ~60,000 lacking authentication. Attackers could exploit it for cryptojacking, botnet enrollment, credential theft, malware deployment, data exfiltration, or lateral movement in cloud environments.

Date Detected: 2025-05-16

Date Publicly Disclosed: 2025-10-03

Date Resolved: 2025-10-03

Type: Vulnerability Disclosure

Attack Vector: Network; Authentication Required; Lua Script Injection

Vulnerability Exploited: CVE ID: CVE-2025-49844, Name: RediShell, Type: Use-After-Free (UAF) Memory Corruption, CVSS Score: 10.0, CVSS Vector: None, Affected Versions: All versions of Redis with Lua scripting; 6.2.20, 7.2.11, 7.4.6, 8.0.4, 8.2.2; Exposure Window: ~13 years (since Redis source code inclusion).

Motivation: Potential Cryptojacking; Botnet Enrollment; Data Theft; Lateral Movement; Unauthorized Access

Incident : Vulnerability

Title: Critical Redis Vulnerability (CVE-2025-49844) Enables Remote Code Execution via Lua Scripting (RediShell)

Description: Redis, the company behind the widely used in-memory data structure store, has patched a critical vulnerability (CVE-2025-49844, dubbed 'RediShell') that allows post-authentication attackers to escape the Lua sandbox and execute arbitrary native code on the Redis host. The flaw stems from a use-after-free memory corruption bug introduced in 2012, affecting Redis versions with Lua scripting (v8.2.1 and earlier). Exploitation could lead to persistent access, cryptomining, data exfiltration, credential theft, and lateral movement in cloud environments. Approximately 330,000 internet-exposed Redis instances exist globally, with ~60,000 lacking authentication. The German BSI warns of imminent exploitation attempts once technical details are publicized.

Type: Vulnerability

Attack Vector: Network; Lua Script Injection (EVAL/EVALSHA commands); Post-Authentication

Vulnerability Exploited: CVE-2025-49844 (RediShell - Use-after-free in Lua sandbox)

Motivation: Potential for cryptomining; Data exfiltration; Lateral movement in cloud environments; Persistent access; Credential theft

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

Impact of the Incidents

What was the impact of each incident ?

Incident : Vulnerability Disclosure RED5093050100725

Data Compromised: Potential credentials, Sensitive data stored in Redis, Cloud environment resources

Systems Affected: Redis instances with Lua scripting enabled; Underlying host systems

Operational Impact: Full host system access for attackers; Risk of data exfiltration/wiping/encryption; Resource hijacking

Brand Reputation Impact: High (due to maximum-severity vulnerability in widely used database)

Identity Theft Risk: High (if credentials stored in Redis are compromised)

Payment Information Risk: High (if payment data stored in Redis is compromised)

Incident : Vulnerability RED3893338100725

Data Compromised: Redis database contents, Host system data, Cloud service credentials (e.g., IAM tokens)

Systems Affected: Redis servers (v8.2.1 and earlier with Lua scripting); Underlying host systems; Cloud environments using Redis containers

Operational Impact: Unauthorized code execution; Potential service disruption; Compromised cloud infrastructure

Brand Reputation Impact: High risk due to widespread Redis usage; Potential loss of trust in cloud security

Identity Theft Risk: If credentials/IAM tokens are stolen

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are: potential credentials, sensitive data in Redis, and cloud environment resources; Redis database contents, host system files, and cloud credentials (e.g., IAM tokens).

Which entities were affected by each incident ?

Incident : Vulnerability Disclosure RED5093050100725

Entity Name: Redis (by Redis Ltd.)

Entity Type: Software Vendor

Industry: Database Technology

Location: Global

Customers Affected: All users of Redis with Lua scripting enabled (~330,000 exposed instances globally)

Incident : Vulnerability RED3893338100725

Entity Name: Redis Ltd.

Entity Type: Software Company

Industry: Database/Technology

Location: Global

Customers Affected: Users of Redis (server) versions with Lua scripting: v8.2.1 and earlier, including ~330,000 internet-exposed instances (~60,000 without authentication)

Incident : Vulnerability RED3893338100725

Entity Name: Organizations using Redis containers

Entity Type: Enterprises, Cloud Service Providers, Developers

Location: Global (notably ~4,000 unprotected instances in Germany per BSI)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Vulnerability Disclosure RED5093050100725

Incident Response Plan Activated: True

Third Party Assistance: Wiz (Discovery And Reporting).

Containment Measures: Released patched versions (6.2.20, 7.2.11, 7.4.6, 8.0.4, 8.2.2); Advisory published on GitHub; Public disclosure with mitigation guidance

Remediation Measures: Apply patches to affected Redis versions; Restrict EVAL and EVALSHA commands via ACL; Limit Lua script execution to trusted identities; Avoid exposing Redis instances to the internet; Enforce strong authentication

Communication Strategy: GitHub advisory; Public disclosure via media; Vendor notifications

Network Segmentation: Recommended as mitigation

Enhanced Monitoring: Recommended for Redis instances

Incident : Vulnerability RED3893338100725

Third Party Assistance: Wiz Research (Discovery/Reporting).

Containment Measures: Patch deployment (see fixed versions); Disabling Lua scripting via ACL restrictions on EVAL/EVALSHA commands; Network segmentation

Remediation Measures: Enable authentication (default disabled in official container images); Disable unnecessary Redis commands; Run Redis as non-root user; Activate logging/monitoring; Implement network-level access controls; Restrict Redis access to authorized networks

Communication Strategy: Public advisory by Redis; Alert by German BSI; Wiz Research blog post (technical details withheld temporarily)

Network Segmentation: Recommended

Enhanced Monitoring: Recommended (Redis logging activation)

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Wiz (discovery and reporting) and Wiz Research (discovery/reporting).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Vulnerability Disclosure RED5093050100725

Type of Data Compromised: Potential: credentials, sensitive data in Redis, cloud environment resources

Sensitivity of Data: High (if sensitive data stored in Redis)

Data Exfiltration: Potential (if exploited)

Personally Identifiable Information: Potential (if PII stored in Redis)

Incident : Vulnerability RED3893338100725

Type of Data Compromised: Redis database contents, Host system files, Cloud credentials (e.g., IAM tokens)

Sensitivity of Data: High (potential for credential theft and lateral movement)

Data Exfiltration: Possible (noted as a risk by Wiz researchers)

Personally Identifiable Information: Possible (if stored in Redis)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Apply patches to affected Redis versions, Restrict EVAL and EVALSHA commands via ACL, Limit Lua script execution to trusted identities, Avoid exposing Redis instances to the internet, Enforce strong authentication, Enable authentication (default disabled in official container images), Disable unnecessary Redis commands, Run Redis as non-root user, Activate logging/monitoring, Implement network-level access controls, Restrict Redis access to authorized networks.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through released patched versions (6.2.20, 7.2.11, 7.4.6, 8.0.4, 8.2.2), an advisory published on GitHub, public disclosure with mitigation guidance, patch deployment (see fixed versions), disabling Lua scripting via ACL restrictions on EVAL/EVALSHA commands, and network segmentation.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Vulnerability RED3893338100725

Regulatory Notifications: German BSI alert issued

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Vulnerability Disclosure RED5093050100725

Lessons Learned: Default configurations in widely used software can introduce long-term risks (13-year-old bug)., Exposing database instances to the internet significantly increases attack surface., Scripting features (e.g., Lua in Redis) require strict access controls., Proactive vulnerability discovery (e.g., by Wiz) is critical for open-source projects.

Incident : Vulnerability RED3893338100725

Lessons Learned: Default configurations (e.g., no auth in container images) introduce significant risk, Legacy code (2012 vulnerability) can resurface as critical flaws, Widespread exposure of services (330K instances) amplifies impact, Post-authentication vulnerabilities can be as severe as pre-auth flaws

What recommendations were made to prevent future incidents ?

Incident : Vulnerability Disclosure RED5093050100725

Recommendations: Immediately patch Redis instances to versions 6.2.20, 7.2.11, 7.4.6, 8.0.4, or 8.2.2., Restrict EVAL and EVALSHA commands via ACL rules to prevent Lua script execution by untrusted users., Avoid exposing Redis instances to the internet; use firewalls or private networks., Enforce strong authentication (e.g., passwords, TLS) for Redis instances., Monitor Redis instances for unusual activity, especially Lua script executions., Segment networks to limit lateral movement if a Redis instance is compromised., Audit Redis data for sensitive information and apply encryption where needed., Review cloud environments for misconfigured Redis deployments.

Incident : Vulnerability RED3893338100725

Recommendations: Immediately patch Redis to fixed versions (see advisory), Enable authentication for all Redis instances, Disable Lua scripting if not required (via ACLs), Harden Redis deployments (non-root user, command restrictions, logging), Isolate Redis instances with network access controls, Monitor for exploitation attempts (especially after PoC release), Audit cloud environments for exposed Redis instances

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Default configurations in widely used software can introduce long-term risks (13-year-old bug); Exposing database instances to the internet significantly increases attack surface; Scripting features (e.g., Lua in Redis) require strict access controls; Proactive vulnerability discovery (e.g., by Wiz) is critical for open-source projects; Default configurations (e.g., no auth in container images) introduce significant risk; Legacy code (2012 vulnerability) can resurface as critical flaws; Widespread exposure of services (330K instances) amplifies impact; Post-authentication vulnerabilities can be as severe as pre-auth flaws.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Isolate Redis instances with network access controls, Enable authentication for all Redis instances, Disable Lua scripting if not required (via ACLs), Immediately patch Redis to fixed versions (see advisory), Audit cloud environments for exposed Redis instances, Harden Redis deployments (non-root user, command restrictions, logging) and Monitor for exploitation attempts (especially after PoC release).

References

Where can I find more information about each incident ?

Incident : Vulnerability Disclosure RED5093050100725

Source: GitHub Advisory for CVE-2025-49844

Incident : Vulnerability Disclosure RED5093050100725

Source: Wiz Research Report

Incident : Vulnerability Disclosure RED5093050100725

Source: Redis Official Announcement

Incident : Vulnerability RED3893338100725

Source: Wiz Research

Incident : Vulnerability RED3893338100725

Source: German Federal Office for Information Security (BSI) Alert

Incident : Vulnerability RED3893338100725

Source: Redis Security Advisory

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the following sources: GitHub Advisory for CVE-2025-49844, Wiz Research Report, Redis Official Announcement, Wiz Research, German Federal Office for Information Security (BSI) Alert, and Redis Security Advisory.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Vulnerability Disclosure RED5093050100725

Investigation Status: Completed (vulnerability disclosed, patches released; no evidence of wild exploitation)

Incident : Vulnerability RED3893338100725

Investigation Status: Ongoing (technical details withheld by Wiz to delay exploitation)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through GitHub advisory, public disclosure via media, vendor notifications, public advisory by Redis, alert by German BSI and Wiz Research blog post (technical details withheld temporarily).

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Vulnerability Disclosure RED5093050100725

Stakeholder Advisories: Users Advised To Patch Immediately And Apply Mitigation Measures.

Customer Advisories: Redis users urged to update, restrict Lua script access, and secure instances

Incident : Vulnerability RED3893338100725

Stakeholder Advisories: Redis Users/Administrators, Cloud Service Providers, DevOps/SRE Teams, Security Researchers.

Customer Advisories: Users advised to patch immediately or disable Lua scripting; hardening guidance provided

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Users advised to patch immediately and apply mitigation measures; Redis users urged to update, restrict Lua script access, and secure instances; Redis users/administrators, cloud service providers, DevOps/SRE teams, security researchers; and Users advised to patch immediately or disable Lua scripting; hardening guidance provided.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Vulnerability Disclosure RED5093050100725

Root Causes: 13-year-old use-after-free bug in Redis Lua scripting implementation; Default enabling of Lua scripting without strict access controls; Widespread exposure of Redis instances to the internet (~330,000 instances); Lack of authentication on ~60,000 exposed instances.

Corrective Actions: Patches released to fix the memory corruption bug; Guidance provided to restrict Lua script execution; Public awareness campaign on securing Redis deployments; Recommendations for network segmentation and monitoring.

Incident : Vulnerability RED3893338100725

Root Causes: Use-after-free bug in Lua sandbox (introduced 2012); Default insecure configurations (auth disabled in container images); Widespread internet exposure of Redis instances; Lack of input validation for Lua scripts.

Corrective Actions: Code fixes in patched versions; Security hardening recommendations; Public awareness campaigns (e.g., BSI alert).

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Wiz (Discovery And Reporting), Recommended For Redis Instances, Wiz Research (Discovery/Reporting), Recommended (Redis logging activation).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Patches released to fix the memory corruption bug; Guidance provided to restrict Lua script execution; Public awareness campaign on securing Redis deployments; Recommendations for network segmentation and monitoring; Code fixes in patched versions; Security hardening recommendations; Public awareness campaigns (e.g., BSI alert).

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-05-16.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-10-03.

What was the most recent incident resolved ?

Most Recent Incident Resolved: The most recent incident resolved was on 2025-10-03.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Potential credentials, Sensitive data stored in Redis, Cloud environment resources, Redis database contents, Host system data and Cloud service credentials (e.g., IAM tokens).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were Redis instances with Lua scripting enabled; Underlying host systems; Redis servers (v8.2.1 and earlier with Lua scripting); Underlying host systems; Cloud environments using Redis containers.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Wiz (discovery and reporting), Wiz Research (discovery/reporting).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Released patched versions (6.2.20, 7.2.11, 7.4.6, 8.0.4, 8.2.2); Advisory published on GitHub; Public disclosure with mitigation guidance; Patch deployment (see fixed versions); Disabling Lua scripting via ACL restrictions on EVAL/EVALSHA commands; Network segmentation.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Redis database contents, Cloud environment resources, Sensitive data stored in Redis, Cloud service credentials (e.g., IAM tokens), Host system data and Potential credentials.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Post-authentication vulnerabilities can be as severe as pre-auth flaws.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Isolate Redis instances with network access controls; Restrict EVAL and EVALSHA commands via ACL rules to prevent Lua script execution by untrusted users; Monitor Redis instances for unusual activity, especially Lua script executions; Enable authentication for all Redis instances; Audit Redis data for sensitive information and apply encryption where needed; Segment networks to limit lateral movement if a Redis instance is compromised; Review cloud environments for misconfigured Redis deployments; Disable Lua scripting if not required (via ACLs); Enforce strong authentication (e.g., passwords, TLS) for Redis instances; Immediately patch Redis to fixed versions (see advisory); Immediately patch Redis instances to versions 6.2.20, 7.2.11, 7.4.6, 8.0.4, or 8.2.2; Harden Redis deployments (non-root user, command restrictions, logging); Audit cloud environments for exposed Redis instances; Avoid exposing Redis instances to the internet, use firewalls or private networks; and Monitor for exploitation attempts (especially after PoC release).

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are GitHub Advisory for CVE-2025-49844, Redis Official Announcement, German Federal Office for Information Security (BSI) Alert, Wiz Research Report, Wiz Research and Redis Security Advisory.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed (vulnerability disclosed, patches released; no evidence of wild exploitation).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Users advised to patch immediately and apply mitigation measures, Redis users/administrators, Cloud service providers, DevOps/SRE teams, Security researchers.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were "Redis users urged to update, restrict Lua script access, and secure instances" and "Users advised to patch immediately or disable Lua scripting; hardening guidance provided".

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: 13-year-old use-after-free bug in Redis Lua scripting implementation; Default enabling of Lua scripting without strict access controls; Widespread exposure of Redis instances to the internet (~330,000 instances); Lack of authentication on ~60,000 exposed instances; Use-after-free bug in Lua sandbox (introduced 2012); Default insecure configurations (auth disabled in container images); Widespread internet exposure of Redis instances; Lack of input validation for Lua scripts.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were: Patches released to fix the memory corruption bug; Guidance provided to restrict Lua script execution; Public awareness campaign on securing Redis deployments; Recommendations for network segmentation and monitoring; Code fixes in patched versions; Security hardening recommendations; Public awareness campaigns (e.g., BSI alert).


Latest Global CVEs (Not Company-Specific)

Description

Summary: A command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler.

Root cause: The commitHash variable, derived from user input via the --commit-hash CLI argument, is interpolated directly into a shell command using template literals (e.g., execSync(`git show -s --format=%B ${commitHash}`)). Shell metacharacters are interpreted by the shell, enabling command execution.

Impact: This vulnerability is generally hard to exploit, as it requires --commit-hash to be attacker controlled. The vulnerability primarily affects CI/CD environments where `wrangler pages deploy` is used in automated pipelines and the --commit-hash parameter is populated from external, potentially untrusted sources. An attacker could exploit this to:
* Run any shell command.
* Exfiltrate environment variables.
* Compromise the CI runner to install backdoors or modify build artifacts.

Credits: Disclosed responsibly by kny4hacker.

Mitigation:
* Wrangler v4 users are requested to upgrade to Wrangler v4.59.1 or higher.
* Wrangler v3 users are requested to upgrade to Wrangler v3.114.17 or higher.
* Users on Wrangler v2 (EOL) should upgrade to a supported major version.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).

Risk Information
cvss3
Base: 8.1
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=redisinc' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.