A vulnerability in the Redis in-memory store posed a critical risk for servers hosting the database.
The vulnerability, known as CVE-2025-49844 or RediShell, stemmed from a use-after-free memory corruption bug that has existed in the Redis code base for around 13 years and posed a remote code execution risk.
While the flaw required authentication to exploit, an estimated 60,000 Redis instances were exposed to the internet without authentication enabled, leaving those systems open to attack. Wiz researchers discovered the flaw and used it in the Pwn2Own Berlin contest in May 2025, weeks before its public disclosure in October 2025.
LionWiki local file inclusion
Age: 11 years, 11 months
Date introduced: November 2008
Date fixed: October 2020
LionWiki is a minimalist wiki engine, programmed in PHP. Unlike many popular wiki engines, LionWiki doesn’t use a database, and instead is entirely file-based. Because its goal is simplicity, this is a strength, but it also makes a significant vulnerability possible.
In essence, the various files underlying a specific LionWiki instance are accessed by file and path names in the URL of the corresponding pages. This means that, with a correctly crafted URL, you can traverse the filesystem of the server hosting the LionWiki instance. There are URL-filtering provisions in place to block attempts to do this, but as Infosec Institute Cyber Range Engineer June Werner discovered, they could be defeated fairly easily.
One thing Werner noted is that the vulnerability persisted despite attempts to correct it. “Some mitigations were first put in place in July of 2009, and then more extensive mitigations were put in place in January of 2012,” she noted. “Despite these mitigations, the code was still vulnerable to the same type of attack. This vulnerability stayed in the code for another eight years until it was rediscovered, along with a way to bypass the mitigations, in October 2020.” After the bug was formally reported, it was patched by the developer.
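Why filter-style mitigations for this class of bug tend to fail, shown as an added Python example (not LionWiki's PHP code and not from the article): a hypothetical one-pass deny-list filter, `naive_filter`, is compared with a containment check, `safe_page_path`, that canonicalizes the path before deciding. All file names and inputs are constructed.

```python
import os
import tempfile

def naive_filter(name):
    """Hypothetical deny-list filter (not LionWiki's code): one pass removing '../'."""
    return name.replace("../", "")

def safe_page_path(base_dir, name):
    """Resolve name under base_dir; raise ValueError if the result leaves it."""
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks before we compare.
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("outside page directory: %r" % name)
    return candidate

def is_allowed(base_dir, name):
    try:
        safe_page_path(base_dir, name)
        return True
    except ValueError:
        return False

def demo():
    """Run constructed page names through the filter, then the containment check."""
    report = {}
    with tempfile.TemporaryDirectory() as root:
        pages = os.path.join(root, "pages")
        os.mkdir(pages)
        # Constructed edge case: a symlink inside pages/ that points outside it.
        os.symlink(root, os.path.join(pages, "link"))
        for name in ["Main.txt", "../secret.txt", "....//....//secret.txt",
                     "/etc/hostname", "link/secret.txt"]:
            filtered = naive_filter(name)
            report[name] = (filtered, is_allowed(pages, filtered))
    return report

if __name__ == "__main__":
    for name, (filtered, ok) in demo().items():
        print(f"{name!r:28} -> {filtered!r:22} allowed={ok}")
```

The filter's own output can still contain a traversal sequence, an absolute path, or a symlink hop, which is why the decision is made on the resolved path that would actually be opened rather than on the request string.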
sudo host
Age: 11 years, 10 months
Date introduced: September 2013
Date fixed: July 2024
The sudo command is an important tool in any Unix admin’s toolkit, granting superuser privileges to those who have permission to invoke it. To access these privileges, a user must be listed in a configuration file called sudoers. Because many organizations centrally administer many Unix hosts, sudoers can include a list of specific hosts where each user has sudo rights, so that these config files can be written once and then pushed out to all the organization’s hosts.
The problem is that, to get access to the sudoers file and see the hosts on which you or another user might have sudo powers, you need those sudo powers yourself. But a command-line flag meant to let users view host-specific privileges could be abused to trick sudo into treating the command as if it were running on a different host, potentially one where the user has elevated privileges. That could allow the user to run commands, including those that edit sudoers, even if they shouldn’t have that access on the local machine. This security flaw isn’t rated as too serious, but it did lurk undetected for nearly 12 years. (Another more serious flaw with the chroot option, revealed at the same time, is a mere baby at two years old.)
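Exposure to this flaw depends on whether a shared sudoers file grants rights on hosts other than the one it is installed on. The following added example (not from the article or the sudo project) audits a constructed sudoers sample for such rules. The function name is hypothetical, and the parser assumes a simplified grammar: one user per rule, one alias per Host_Alias line, no negated hosts.

```python
import re

# Constructed sample sudoers content (not taken from any real system).
SAMPLE_SUDOERS = """\
Host_Alias BUILD = build01, build02
Defaults   env_reset
root    ALL = (ALL) ALL
alice   web01 = (root) /usr/bin/systemctl restart nginx
bob     BUILD = (ALL) ALL
carol   db01, web01 = (postgres) /usr/bin/psql
%admins ALL = (ALL) ALL
"""

ALIAS_RE = re.compile(r"^Host_Alias\s+(\w+)\s*=\s*(.+)$")
RULE_RE = re.compile(r"^(\S+)\s+([^=]+?)\s*=\s*(.+)$")
# Line types that are not user rules (comments and include directives too).
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Cmnd_Alias", "#", "@")

def rules_for_other_hosts(sudoers_text, local_host):
    """Return (user, hosts) for rules granting rights on hosts other than local_host."""
    aliases, findings = {}, []
    # Join backslash-continued lines before parsing.
    for line in sudoers_text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith(SKIP):
            continue
        alias = ALIAS_RE.match(line)
        if alias:
            aliases[alias.group(1)] = [h.strip() for h in alias.group(2).split(",")]
            continue
        rule = RULE_RE.match(line)
        if not rule:
            continue
        hosts = []
        for h in rule.group(2).split(","):
            # Expand a Host_Alias name into its member hosts.
            hosts.extend(aliases.get(h.strip(), [h.strip()]))
        remote = [h for h in hosts if h not in ("ALL", local_host)]
        if remote:
            findings.append((rule.group(1), remote))
    return findings

if __name__ == "__main__":
    for user, hosts in rules_for_other_hosts(SAMPLE_SUDOERS, "web01"):
        print(f"{user}: rule also covers {', '.join(hosts)}")
```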
HashiCorp Vault and CyberArk Conjur logic flaws
Age: 10 years
Date introduced: 2015[1]
Date fixed: August 2025
Multiple flaws in components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, left the door open to a variety of attacks, including authentication bypass and the theft or erasure of supposedly protected secrets.
Both HashiCorp Vault and CyberArk Conjur are used for storing and controlling access to secrets such as API keys, database passwords, certificates, and encryption keys. Each technology is often used in DevSecOps pipelines.
Researchers from Cyata discovered an array of issues, many of which had remained hidden in the codebase of widely used open-source secrets vaults for years. The vulnerabilities were discovered after manual code reviews that focused on logic flaws in components responsible for authentication and policy enforcement rather than memory corruption issues typically detected by automated tools.
Findings from the research, which led to the discovery of a combined total of 14 vulnerabilities in the two secrets vaults, were revealed at Black Hat USA in August 2025.
The most severe vulnerability in HashiCorp Vault (CVE-2025-6000) created a mechanism for attackers to delete a critical file containing the keys needed to decrypt stored secrets, leaving data unreachable.
All the vulnerabilities were addressed before the research was publicly disclosed.
Linux GRUB2 Secure Boot hole
Age: 10 years
Date introduced: 2010
Date fixed: July 2020
When UEFI was introduced to replace BIOS, it was deemed the cutting edge of security, with features to fight attacks that operated on the level of the bootloading software that starts up an OS. Key to this is an interlocked chain of signed cryptographic certificates that verifies each bootloader program as legitimate, a mechanism known as Secure Boot. The root certificate for UEFI is signed by Microsoft, and Linux distributions put their own bootloaders, each with its own validated certificate, further down the chain.
But GRUB2, a widely popular Linux bootloader with a UEFI-ready certificate, contains a buffer overflow vulnerability that can be exploited by malicious code inserted into its configuration file. (While GRUB2 itself is signed, its configuration file, meant to be editable by local admins, is not.) This hole was spotted by Eclypsium, and while an attacker would need to have a degree of local control of the target machine to implement this attack, if they pulled it off successfully, they could ensure that they remain in control of that computer going forward every time it boots up, making it difficult to evict them from the system.
Telnet
Age: 10 years, 8 months
Date introduced: May 2017
Date fixed: Jan 2026
Telnet is an early internet protocol and associated tools used for remotely logging into another machine via a text-based terminal session. Although superseded by the more secure and encrypted SSH technology since the mid-1990s, Telnet is still widely used by embedded systems, network hardware, and other legacy systems.
An easily exploited Telnet authentication bypass vulnerability (CVE-2026-24061), introduced in code changes released in May 2017, left devices running pre-patched versions of the software wide open to remote compromise, provided that its Telnet server was exposed to the internet.
[1] HashiCorp Vault was first released in 2015, with CyberArk Conjur becoming available in 2016. I’m assuming that at least some of these vulnerabilities date back to the first release of each technology.



