
About Remote Code Execution – Redis “RediShell” (CVE-2025-49844) vulnerability. Redis is a popular in-memory key–value database, used as a distributed cache and message broker, with optional durability. This vulnerability allows a remote authenticated attacker to execute arbitrary code via a specially crafted Lua script. The requirement for authentication does not reduce its severity, because authentication in Redis is disabled by default and is often not used. 🤷♂️
⚙️ The vulnerability was discovered by Wiz researchers and presented at Pwn2Own Berlin in May of this year; it was fixed on October 3 (version 8.2.2).
🛠 As of October 7, a public exploit for the vulnerability is available on GitHub.
👾 There are no reports of attacks so far.
🌐 As of October 7, 330,000 Redis instances were accessible on the Internet, of which 60,000 had no authentication.

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to another Telegram channel, @avleonovrus; I now post there first.
