RediShell: Critical remote code execution vulnerability in Redis
8 hours ago
- #Redis
- #RCE
- #Cybersecurity
- Wiz Research discovered a critical RCE vulnerability, CVE-2025-49844 (#RediShell), in Redis with a CVSS score of 10.0.
- The vulnerability is a Use-After-Free (UAF) bug in the Lua scripting engine that allows an authenticated attacker to execute arbitrary code by submitting a malicious Lua script.
- Redis is used in ~75% of cloud environments, making the potential impact extensive.
- Approximately 330,000 Redis instances are exposed to the internet, and about 60,000 of them require no authentication at all.
- 57% of cloud environments install Redis as container images, often without proper security hardening.
- Attack flow includes initial exploitation, sandbox escape, system compromise, and lateral movement.
- Redis released a patched version on October 3, 2025. Organizations are urged to update immediately.
- Recommended actions include enabling Redis authentication, disabling unnecessary commands, and restricting access.
- Wiz provides tools to identify affected Redis instances and misconfigurations in customer environments.
- The vulnerability underscores the importance of securing open-source technologies in cloud environments.
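A redis.conf fragment that applies the recommended actions above (authentication, removal of unneeded commands, restricted network access), shown as an exposed configuration beside a hardened one. It is added here as an illustration and is not from the Wiz article or the Redis project; the password, the bind address and the user name `app` are placeholders, and the ACL syntax assumes Redis 6.2 or later.

```conf
# Exposed configuration (the pattern behind the ~60,000 open instances
# counted above): listening on every interface, no password, no ACLs.
#   bind 0.0.0.0
#   protected-mode no
#   (no requirepass, no user directives)

# Hardened configuration. Placeholders: 10.0.0.5 is the application-facing
# interface, CHANGE_ME_STRONG_PASSWORD is the real secret.
bind 127.0.0.1 -::1 10.0.0.5
protected-mode yes
port 6379

# Disable the built-in default user so that an unauthenticated connection
# cannot run any command.
user default off

# Application user: full key access, but no server-side scripting.
# EVAL, EVALSHA, SCRIPT, FUNCTION and FCALL belong to the @scripting
# category, so -@scripting removes the Lua surface that CVE-2025-49844
# lives in. Remove that rule only if the application genuinely needs
# Lua scripts. -@dangerous additionally drops admin commands such as
# CONFIG, DEBUG, FLUSHALL and SHUTDOWN that a client should not need.
user app on >CHANGE_ME_STRONG_PASSWORD ~* &* +@all -@scripting -@dangerous

# Older deployments that cannot use ACLs can still neutralise the
# scripting commands with rename-command (deprecated in Redis 7):
#   rename-command EVAL ""
#   rename-command EVALSHA ""
#   rename-command SCRIPT ""
```

These settings are defence in depth around the Lua entry point; they do not replace upgrading to the patched release of October 3, 2025.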