Trivy and Docker Scout are not able to detect CVE-2025-49844 Redis vulnerability score 10.0

Hi,
I found out that latest score 10 vulnerability is not detect by Trivy, see details here https://github.com/aquasecurity/trivy/discussions/9595 .
It seems that one of the solution might be to distribute SBOM CycloneDX JSON files in one of the layers.
It is because Redis binary cannot be scanned for dependencies etc.
Would you consider support this?
Thank you
Ivos


**From Trivy source-code (and docs):**
- Files with suffix `*.cdx` and `*.cdx.json` somewhere at filesystem like `/sbom/my-sbom-1.cdx.json`.
- https://github.com/aquasecurity/trivy/blob/v0.66.0/pkg/fanal/analyzer/sbom/sbom.go#L24-L29


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Trivy and Docker Scout are not able to detect CVE-2025-49844 Redis vulnerability score 10.0 #482

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Trivy and Docker Scout are not able to detect CVE-2025-49844 Redis vulnerability score 10.0 #482

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions