A vulnerability in the Redis in-memory store posed a critical risk for servers hosting the database.
The vulnerability, tracked as CVE-2025-49844 or RediShell, stemmed from a use-after-free memory corruption bug that had existed in the Redis code base for around 13 years and posed a remote code execution risk.
While the flaw required authentication to exploit, an estimated 60,000 Redis instances were exposed to the internet without authentication enabled, leaving those systems open to attack. Wiz researchers discovered the flaw and used it in the Pwn2Own Berlin contest in May 2025, weeks before its public disclosure in October 2025.
LionWiki local file inclusion
Age: 11 years, 11 months
Date introduced: November 2008
Date fixed: October 2020
LionWiki is a minimalist wiki engine, programmed in PHP. Unlike many popular wiki engines, LionWiki doesn’t use a database, and instead is entirely file-based. Because its goal is simplicity, this is a strength, but it also makes a significant vulnerability possible.
In essence, the various files underlying a particular LionWiki instance are accessed by file and path names in the URL of the corresponding pages. This means that, with a correctly crafted URL, you could traverse the filesystem of the server hosting the LionWiki instance. There are URL-filtering provisions in place to block attempts to do this, but as Infosec Institute Cyber Range Engineer June Werner discovered, they could be defeated fairly easily.
One thing Werner noted is that the vulnerability persisted despite attempts to correct it. “Some mitigations were first put in place in July of 2009, and then more extensive mitigations were put in place in January of 2012,” she noted. “Despite these mitigations, the code was still vulnerable to the same type of attack. This vulnerability stayed in the code for another eight years until it was rediscovered, along with a way to bypass the mitigations, in October 2020.” After the bug was formally reported, it was patched by the developer.
sudo host
Age: 11 years, 10 months
Date introduced: September 2013
Date fixed: July 2024
The sudo command is a critical tool in any Unix admin’s toolkit, granting superpowered user privileges to those who have permission to invoke it. To access these privileges, a user must be listed in a configuration file called sudoers. Because many organizations centrally administer many Unix hosts, sudoers can include a list of specific hosts where each user has sudo rights, so that these config files can be written once and then pushed out to all of the organization’s hosts.
The problem is that, to get access to the sudoers file and see the hosts on which you or another user might have sudo powers, you need those sudo powers yourself. But a command-line flag intended to let users view host-specific privileges could be abused to trick sudo into treating the command as if it were running on a different host, potentially one where the user has elevated privileges. That could allow the user to run commands, including those that edit sudoers, even if they shouldn’t have that access on the local machine. This security flaw isn’t rated as too serious, but it did lurk undetected for nearly 12 years. (Another more serious flaw with the chroot option, revealed at the same time, is a mere baby at two years old.)
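A defender's check suggested by the two paragraphs above, added here as an example and not code from sudo or from the article: list the sudoers rules that grant rights on hosts other than the local one, since those are the rules a wrong host evaluation would bring into play. The sample file, host names and function names are constructed, and the parser is deliberately simplified (one Host_Alias per line, no wildcards, IP addresses or netgroups, no spaces in the user list).

```python
# Constructed sample of a centrally pushed sudoers file (not from the article).
SAMPLE_SUDOERS = """\
Host_Alias  WEB = web01, web02
Defaults    env_reset
root        ALL = (ALL:ALL) ALL
alice       WEB = (root) /usr/bin/systemctl restart nginx
bob         db01 = (ALL) ALL
%ops        ALL, !build01 = (root) /usr/bin/journalctl
carol       build01 = (root) NOPASSWD: /usr/bin/make
"""

# Line prefixes that are not user specifications or Host_Alias definitions.
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Cmnd_Alias", "@include")

def expand(hosts, aliases):
    """Flatten a host list, replacing Host_Alias names by their members."""
    out = []
    for h in hosts:
        name = h.lstrip("!")
        members = expand(aliases[name], aliases) if name in aliases else [name]
        out += [h[: len(h) - len(name)] + m for m in members]  # keep leading '!'
    return out

def applies_to(hosts, local_host):
    """sudoers semantics: the last matching entry in a list wins."""
    result = False
    for h in hosts:
        name = h.lstrip("!")
        if name in ("ALL", local_host):
            result = (len(h) - len(name)) % 2 == 0  # even number of '!' = allow
    return result

def rules_for_other_hosts(text, local_host):
    """Return (user, hosts) for rules that do not apply to local_host."""
    aliases, specs = {}, []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        if "=" not in line or line.startswith(SKIP):
            continue
        head = line.split("=", 1)[0]
        if line.startswith("Host_Alias"):
            aliases[head.split()[1]] = [m.strip() for m in line.split("=", 1)[1].split(",")]
        else:
            user, hosts = head.split(None, 1)
            specs.append((user, [h.strip() for h in hosts.split(",")]))
    flat = [(user, expand(hosts, aliases)) for user, hosts in specs]
    return [(user, hosts) for user, hosts in flat if not applies_to(hosts, local_host)]
```

Run on each host against the sudoers file it actually received; any rule returned grants nothing locally by design, so it is the set to review first on unpatched sudo versions.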
HashiCorp Vault and CyberArk Conjur logic flaws
Age: 10 years
Date introduced: 2015[1]
Date fixed: August 2025
Multiple flaws in components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, left the door open to a variety of attacks, including authentication bypass and the theft or erasure of supposedly protected secrets.
Both HashiCorp Vault and CyberArk Conjur are used for storing and controlling access to secrets such as API keys, database passwords, certificates, and encryption keys. Each technology is commonly used in DevSecOps pipelines.
Researchers from Cyata discovered an array of issues, many of which had remained hidden in the codebase of widely used open-source secrets vaults for years. The vulnerabilities were discovered after manual code reviews that focused on logic flaws in components responsible for authentication and policy enforcement rather than memory corruption issues typically detected by automated tools.
Findings from the research, which led to the discovery of a combined total of 14 vulnerabilities in the two secrets vaults, were revealed at Black Hat USA in August 2025.
The most severe vulnerability in HashiCorp Vault (CVE-2025-6000) created a mechanism for attackers to delete a critical file containing the keys needed to decrypt stored secrets, leaving data unreachable.
All of the vulnerabilities were addressed before the research was publicly disclosed.
Linux GRUB2 Secure Boot hole
Age: 10 years
Date introduced: 2010
Date fixed: July 2020
When UEFI was introduced to replace BIOS, it was deemed the cutting edge of security, with features to fight attacks that operated at the level of the bootloading software that starts up an OS. Key to this is an interlocked chain of signed cryptographic certificates that verifies each bootloader program as legitimate, a mechanism known as Secure Boot. The root certificate for UEFI is signed by Microsoft, and Linux distributions put their own bootloaders, each with its own validated certificate, further down the chain.
But GRUB2, a widely popular Linux bootloader with a UEFI-ready certificate, contains a buffer overflow vulnerability that can be exploited by malicious code inserted into its configuration file. (While GRUB2 itself is signed, its configuration file, meant to be editable by local admins, is not.) This hole was spotted by Eclypsium, and while an attacker would need to have a degree of local control of the target machine to implement this attack, if they pulled it off successfully, they could ensure that they remain in control of that computer going forward each time it boots up, making it difficult to evict them from the system.
Telnet
Age: 10 years, 8 months
Date introduced: May 2017
Date fixed: Jan 2026
Telnet is an early internet protocol and associated tools used for remotely logging into another machine via a text-based terminal session. Although superseded by the more secure and encrypted SSH technology since the mid-1990s, Telnet is still widely used by embedded systems, network hardware, and other legacy systems.
An easily exploited Telnet authentication bypass vulnerability (CVE-2026-24061), introduced in code changes released in May 2017, left devices running pre-patched versions of the software wide open to remote compromise, provided that its Telnet server was exposed to the internet.
[1] HashiCorp Vault was first released in 2015, with CyberArk Conjur becoming available in 2016. I’m assuming that at least some of these vulnerabilities date back to the first release of each technology.



