Critical Redis and Lua Vulnerabilities Affect Multiple Ubuntu Releases

Severity: High (Score: 72.0)

Sources: launchpad.net, Linuxsecurity, Ubuntu

Summary

A series of vulnerabilities has been identified in Redis and Lua, affecting Ubuntu versions 16.04 to 24.04 LTS. The most critical issue, CVE-2025-49844, allows remote attackers to use specially crafted Lua scripts against affected systems, potentially leading to denial of service or arbitrary code execution. This vulnerability was specifically addressed in lua5.1 for Ubuntu 20.04 and 22.04 LTS. Additionally, CVE-2024-31449 and CVE-2022-24834 also pose risks, with the former affecting Redis across several Ubuntu versions including 16.04 and 18.04 LTS. The vulnerabilities were discovered by researchers Seiya Nakata and Yudai Fujiwara. Users are urged to update their systems to mitigate these risks. The issues are significant due to the widespread use of Redis as a persistent key-value database. Immediate action is recommended to prevent potential exploitation.

Key Points

  • Critical vulnerabilities in Redis and Lua affect Ubuntu LTS versions 16.04 to 24.04.
  • CVE-2025-49844 allows remote code execution via specially crafted Lua scripts.
  • Users should update to the latest package versions to mitigate these vulnerabilities.

Key Entities

  • DDoS (attack_type)
  • CVE-2022-24834 (cve)
  • CVE-2024-31449 (cve)
  • CVE-2025-49844 (cve)
  • Lua (mitre_attack)
  • Redis (platform)
  • Ubuntu (company)