1. Ubuntu Security Notices
  2. USN-7824-1

USN-7824-1: Redis vulnerability

Publication date

15 October 2025

Overview

Redis could be made to crash or run programs if it received specially crafted network traffic from an authenticated user.

Releases

Packages

  • redis - Persistent key-value database with network interface

Details

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could
use this vulnerability to trigger a use-after-free condition, and
potentially achieve remote code execution on the Redis server.

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could
use this vulnerability to trigger a use-after-free condition, and
potentially achieve remote code execution on the Redis server.

Update instructions

After a standard system update you need to restart Redis to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
25.10 questing redis –  5:8.0.2-3ubuntu0.25.10.1
redis-sentinel –  5:8.0.2-3ubuntu0.25.10.1
redis-server –  5:8.0.2-3ubuntu0.25.10.1
redis-tools –  5:8.0.2-3ubuntu0.25.10.1
25.04 plucky redis –  5:7.0.15-3ubuntu0.1
redis-sentinel –  5:7.0.15-3ubuntu0.1
redis-server –  5:7.0.15-3ubuntu0.1
redis-tools –  5:7.0.15-3ubuntu0.1
24.04 LTS noble redis –  5:7.0.15-1ubuntu0.24.04.2
redis-sentinel –  5:7.0.15-1ubuntu0.24.04.2
redis-server –  5:7.0.15-1ubuntu0.24.04.2
redis-tools –  5:7.0.15-1ubuntu0.24.04.2
20.04 LTS focal redis –  5:5.0.7-2ubuntu0.1+esm4  
redis-sentinel –  5:5.0.7-2ubuntu0.1+esm4  
redis-server –  5:5.0.7-2ubuntu0.1+esm4  
redis-tools –  5:5.0.7-2ubuntu0.1+esm4  
18.04 LTS bionic redis –  5:4.0.9-1ubuntu0.2+esm6  
redis-sentinel –  5:4.0.9-1ubuntu0.2+esm6  
redis-server –  5:4.0.9-1ubuntu0.2+esm6  
redis-tools –  5:4.0.9-1ubuntu0.2+esm6  
16.04 LTS xenial redis-sentinel –  2:3.0.6-1ubuntu0.4+esm4  
redis-server –  2:3.0.6-1ubuntu0.4+esm4  
redis-tools –  2:3.0.6-1ubuntu0.4+esm4  
14.04 LTS trusty redis-server –  2:2.8.4-2ubuntu0.2+esm5  
redis-tools –  2:2.8.4-2ubuntu0.2+esm5  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›