CVE-2025-10136

Office vulnerability - Redis

High CVSS Score: 7.3 Published: 2026-03-17

Description

A cross-site scripting vulnerability in Redis Office allows attackers to bypass authentication. This affects versions through 10.72.3.

Affected Systems

Vendor Redis
Product Office
Affected Versions < 2.36
CWE ID CWE-287

Mitigation

As a workaround, restrict network access until a patch is available.

Fix Instructions

1. Update Office to the latest version
2. Apply vendor patch when available
3. Implement network segmentation
4. Monitor for exploitation attempts

References

Risk Assessment

CVSS: 7.3/10

Exploit Available Yes
Patch Available Yes

Need Help Patching?

Our security team can help assess and remediate this vulnerability in your environment.

Get Help

Related Vulnerabilities

medium

CVE-2024-79561

Office...
high

CVE-2025-84869

Office...
medium

CVE-2025-99312

Photoshop...
low

CVE-2025-74268

Database...
low

CVE-2025-10196

Container Runtime...
high

CVE-2024-76130

Office...

Stay Ahead of Threats

Subscribe to our vulnerability feed and get instant alerts when new CVEs affect your systems.

Start Monitoring