A high-severity Elevation of Privilege vulnerability has been identified in multiple Redis Enterprise products. This flaw, tracked as CVE-2025-59271, could allow an authenticated but low-privileged attacker to gain full administrative control over the affected Redis cluster, potentially leading to unauthorized data access, modification, and complete system compromise.

This vulnerability exists within the management API of Redis Enterprise. A flaw in the authorization checks allows an authenticated user with limited permissions to craft a malicious API request. By sending this specially crafted request to the management endpoint, the attacker can bypass normal security controls and execute commands with administrative privileges, such as creating a new admin-level user or modifying security configurations.

This vulnerability is rated as High severity with a CVSS score of 8.7. Successful exploitation could have a significant business impact, including the compromise of sensitive data stored within the Redis databases, such as customer information, session tokens, and application secrets. An attacker with administrative control could disrupt services by deleting data, alter data to commit fraud, or use the compromised system as a pivot point to move laterally within the organization's network, escalating the security incident. This could lead to a major data breach, regulatory fines, reputational damage, and loss of customer trust.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected Redis Enterprise deployments immediately. Before deployment, patches should be tested in a non-production environment to ensure stability. Following patching, organizations should actively monitor for any signs of exploitation attempts and conduct a thorough review of access logs for any anomalous administrative activity preceding the update.

Proactive Monitoring: Implement enhanced monitoring on Redis Enterprise clusters. Security teams should look for unusual API calls to the management interface, especially from non-administrative users or unexpected network locations. Monitor audit logs for unauthorized user creation, privilege escalations, or configuration changes. An increase in failed login attempts or unusual command execution patterns should trigger an immediate alert.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Strictly limit network access to the Redis Enterprise management interface, ensuring it is only accessible from a small set of trusted administrative hosts. Review all user accounts and enforce the principle of least privilege, removing any unnecessary permissions.

Public Exploit Available: false

Given the high CVSS score of 8.7, this vulnerability poses a critical risk to the organization. We strongly recommend that all affected Redis Enterprise instances be patched on an emergency basis, prioritizing internet-facing and business-critical systems. Although this CVE is not currently listed on the CISA KEV catalog, its severity warrants immediate attention. If patching is delayed, the compensating controls outlined above must be implemented without exception to mitigate the significant risk of data compromise and system takeover.