XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Mitigations and impact of CVE-2025-49844 (Redis)

    Scheduled Pinned Locked Moved Management
    2 Posts 2 Posters 199 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      edsilber
      last edited by

      Anybody have a sense of impact and scope of recently released redis security alert? CVE-2025-49844 I see 6x in some of our older xo environments and 7.0.xx in xoa

      We have a ticket in but wondering if anybody else has started troubleshooting this yet

      Last login: Tue Aug 26 08:08:15 2025 from 10.136.192.170
      $ redis-server
      3379289:C 07 Oct 2025 11:56:33.844 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
      3379289:C 07 Oct 2025 11:56:33.844 # Redis version=7.0.15, bits=64, commit=00000000, modified=0, pid=3379289, just started

      1 Reply Last reply Reply Quote 0
      • olivierlambertO Offline
        olivierlambert Vates 🪐 Co-Founder CEO
        last edited by

        Hi,

        To start, it's good to read: https://docs.vates.tech/security/

        Especially https://docs.vates.tech/security/#contact--disclosure

        Then, I can answer here directly: we are not affected since Redis is only listening locally, therefore it's not exposed outside XO. There's nothing interesting to do with that CVE, because in order to use it, you already must be a privileged user.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post