























On October 3, 2025, CVE-2025-49844 was released, describing a critical remote code execution vulnerability in the widely used open-source in-memory data store, Redis. With a CVSS score of 10.0, this issue is very severe and should be addressed quickly.
CVE-2025-49844 is a use-after-free memory corruption bug that has been present in the Redis source code for approximately 13 years. It allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger the use-after-free condition, and potentially achieve remote code execution. By default, Redis does not come with authentication enabled, and as a result, many developers do not enable authentication in their deployments.
This vulnerability was discovered by security researchers at Wiz and reported through Pwn2Own Berlin in May 2025, and it has been dubbed "RediShell." Redis published patches on October 3, 2025.
At the time of this publication, no exploit code is publicly available. However, proof-of-concept tools are making progress towards successful execution.
CVE-2025-49844 impacts all Redis versions that include Lua scripting support.
Fixed Redis OSS/CE/Stack versions:
Fixed Redis Software (Enterprise) versions:
Redis Cloud customers were automatically patched and do not require action.
RediShell exploits insufficient validation of object liveness during garbage collection in Redis's Lua scripting subsystem. Lua scripting is enabled by default in Redis and commonly used to extend functionality.
The attack enables an authenticated user to send a malicious Lua script that allows arbitrary code execution outside of the Redis Lua interpreter sandbox, in turn granting unauthorized access to the underlying host. The technical mechanism involves:
After compromising a Redis host, attackers can steal credentials, deploy malware, extract sensitive data from Redis, move laterally to other systems, or use stolen information to gain access to cloud services.
With Sysdig Secure, users can leverage “RediShell Detection” in the Threat Intelligence Feed to automatically query their environments for vulnerability versions of Redis.

Users can also rely on Sysdig vulnerability management to track CVE-2025-49844, and Sysdig Sage™ for guided remediation.
Immediate Actions:
Security Best Practices:
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。