diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index ba7314a9e226..f5af9b864a2a 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -1,110 +1,110 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE vuxml PUBLIC "-//vuxml.org//DTD VuXML 1.1//EN" "http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd" [
 <!ENTITY vuln-2003 SYSTEM "vuln/2003.xml">
 <!ENTITY vuln-2004 SYSTEM "vuln/2004.xml">
 <!ENTITY vuln-2005 SYSTEM "vuln/2005.xml">
 <!ENTITY vuln-2006 SYSTEM "vuln/2006.xml">
 <!ENTITY vuln-2007 SYSTEM "vuln/2007.xml">
 <!ENTITY vuln-2008 SYSTEM "vuln/2008.xml">
 <!ENTITY vuln-2009 SYSTEM "vuln/2009.xml">
 <!ENTITY vuln-2010 SYSTEM "vuln/2010.xml">
 <!ENTITY vuln-2011 SYSTEM "vuln/2011.xml">
 <!ENTITY vuln-2012 SYSTEM "vuln/2012.xml">
 <!ENTITY vuln-2013 SYSTEM "vuln/2013.xml">
 <!ENTITY vuln-2014 SYSTEM "vuln/2014.xml">
 <!ENTITY vuln-2015 SYSTEM "vuln/2015.xml">
 <!ENTITY vuln-2016 SYSTEM "vuln/2016.xml">
 <!ENTITY vuln-2017 SYSTEM "vuln/2017.xml">
 <!ENTITY vuln-2018 SYSTEM "vuln/2018.xml">
 <!ENTITY vuln-2019 SYSTEM "vuln/2019.xml">
 <!ENTITY vuln-2020 SYSTEM "vuln/2020.xml">
 <!ENTITY vuln-2021 SYSTEM "vuln/2021.xml">
 <!ENTITY vuln-2022 SYSTEM "vuln/2022.xml">
 <!ENTITY vuln-2023 SYSTEM "vuln/2023.xml">
 <!ENTITY vuln-2024 SYSTEM "vuln/2024.xml">
 <!ENTITY vuln-2025 SYSTEM "vuln/2025.xml">
 ]>
 <!--
-Copyright 2003-2024 Jacques Vidrine and contributors
+Copyright 2003-2025 Jacques Vidrine and contributors
 
 Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
 HTML, PDF, PostScript, RTF and so forth) with or without modification,
 are permitted provided that the following conditions are met:
 1. Redistributions of source code (VuXML) must retain the above
    copyright notice, this list of conditions and the following
    disclaimer as the first lines of this file unmodified.
 2. Redistributions in compiled form (transformed to other DTDs,
    published online in any format, converted to PDF, PostScript,
    RTF and other formats) must reproduce the above copyright
    notice, this list of conditions and the following disclaimer
    in the documentation and/or other materials provided with the
    distribution.
 
 THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
 BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
 OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
 BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
 QUICK GUIDE TO ADDING A NEW ENTRY
 
 1. run 'make newentry' to add a template to the top of the document
 2. fill in the template
 3. use 'make validate' to verify syntax correctness (you might need to install
    textproc/libxml2 for parser, and this port for catalogs)
 4. fix any errors
 5. use 'make VID=xxx-yyy-zzz html' to emit the entry's html file for formatting review
 6. profit!
 
 Additional tests can be done this way:
  $ make vuln-flat.xml
  $ pkg audit -f ./vuln-flat.xml py26-django-1.6
  $ pkg audit -f ./vuln-flat.xml py27-django-1.6.1
 
 Extensive documentation of the format and help with writing and verifying
 a new entry is available in The Porter's Handbook at:
 
   https://docs.freebsd.org/en/books/porters-handbook/security/#security-notify
 
 Help is also available from ports-security@freebsd.org.
 
 Notes:
 
   * Please add new entries to the beginning of the current year's file.
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
 &vuln-2025;
 &vuln-2024;
 &vuln-2023;
 &vuln-2022;
 &vuln-2021;
 &vuln-2020;
 &vuln-2019;
 &vuln-2018;
 &vuln-2017;
 &vuln-2016;
 &vuln-2015;
 &vuln-2014;
 &vuln-2013;
 &vuln-2012;
 &vuln-2011;
 &vuln-2010;
 &vuln-2009;
 &vuln-2008;
 &vuln-2007;
 &vuln-2006;
 &vuln-2005;
 &vuln-2004;
 &vuln-2003;</vuxml>
 <!-- EOF -->
 <!-- Note:  Please add new entries to the beginning of this file. -->
 <!-- ex: set ts=8 tw=80 sw=2: -->
 <!-- vim: set softtabstop=2 noexpandtab: -->
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 5588926228b8..f4e44f9d9f30 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,34 +1,116 @@
+  <vuln vid="4d79fd1a-cc93-11ef-abed-08002784c58d">
+    <topic>redis,valkey -- Denial-of-service valnerability due to malformed ACL selectors</topic>
+    <affects>
+      <package>
+	<name>redis</name>
+	<range><ge>7.0.0</ge><lt>7.4.2</lt></range>
+      </package>
+      <package>
+	<name>redis72</name>
+	<range><lt>7.2.7</lt></range>
+      </package>
+      <package>
+	<name>valkey</name>
+	<range><lt>8.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Redis core team reports:</p>
+	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9">
+	  <p>
+	    An authenticated with sufficient privileges may create a
+	    malformed ACL selector which, when accessed, triggers a
+	    server panic and subsequent denial of service.The problem
+	    exists in Redis 7.0.0 or newer.
+	  </p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2024-51741</cvename>
+      <url>https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9</url>
+    </references>
+    <dates>
+      <discovery>2025-01-06</discovery>
+      <entry>2025-01-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="5f19ac58-cc90-11ef-abed-08002784c58d">
+    <topic>redis,valkey -- Remote code execution valnerability</topic>
+    <affects>
+      <package>
+	<name>redis</name>
+	<range><lt>7.4.2</lt></range>
+      </package>
+      <package>
+	<name>redis72</name>
+	<range><lt>7.2.7</lt></range>
+      </package>
+      <package>
+	<name>redis62</name>
+	<range><lt>6.2.17</lt></range>
+      </package>
+      <package>
+	<name>valkey</name>
+	<range><lt>8.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Redis core team reports:</p>
+	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c">
+	  <p>
+	    An authenticated user may use a specially crafted Lua
+	    script to manipulate the garbage collector and potentially
+	    lead to remote code execution. The problem exists in all
+	    versions of Redis with Lua scripting.
+	  </p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2024-46981</cvename>
+      <url>https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c</url>
+    </references>
+    <dates>
+      <discovery>2025-01-06</discovery>
+      <entry>2025-01-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="2bfde261-cdf2-11ef-b6b2-2cf05da270f3">
     <topic>Gitlab -- Vulnerabilities</topic>
     <affects>
       <package>
 	<name>gitlab-ce</name>
 	<name>gitlab-ee</name>
 	<range><ge>17.7.0</ge><lt>17.7.1</lt></range>
 	<range><ge>17.6.0</ge><lt>17.6.3</lt></range>
 	<range><ge>11.0.0</ge><lt>17.5.5</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Gitlab reports:</p>
 	<blockquote cite="https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/">
 	  <p>Possible access token exposure in GitLab logs</p>
 	  <p>Cyclic reference of epics leads resource exhaustion</p>
 	  <p>Unauthorized user can manipulate status of issues in public projects</p>
 	  <p>Instance SAML does not respect external_provider configuration</p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2025-0194</cvename>
       <cvename>CVE-2024-6324</cvename>
       <cvename>CVE-2024-12431</cvename>
       <cvename>CVE-2024-13041</cvename>
       <url>https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/</url>
     </references>
     <dates>
       <discovery>2025-01-08</discovery>
       <entry>2025-01-08</entry>
     </dates>
   </vuln>