Redis has disclosed a critical security flaw (CVE-2025-49844) that could allow remote code execution when exploited with a specially crafted Lua script. The vulnerability affects all Redis versions, and mitigating the risk requires strong authentication and configuration settings.
Key points
- The security flaw in Redis permits remote code execution via malicious Lua scripts.
- This use-after-free vulnerability has existed in Redis for approximately 13 years.
- Exploitation requires an attacker to gain authenticated access to a Redis instance.
- Redis versions 6.2.20, 7.2.11, 7.4.6, 8.0.4, and 8.2.2 contain fixes for this issue.
- Thousands of Redis instances are exposed online, increasing the risk of exploitation and data breaches.
Read More: https://thehackernews.com/2025/10/13-year-redis-flaw-exposed-cvss-100.html
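To check an inventory against the fixed releases listed above, the following added example (not from Redis or the linked article) parses the `redis_version` field of `INFO server` output and classifies each instance. The hostnames and sample outputs are constructed, and treating branches newer than 8.2 as patched is an assumption.

```python
import re

# Fixed release per branch, taken from the key points on this page.
FIXED = {(6, 2): (6, 2, 20), (7, 2): (7, 2, 11), (7, 4): (7, 4, 6),
         (8, 0): (8, 0, 4), (8, 2): (8, 2, 2)}

def parse_redis_version(info_text):
    """Extract redis_version from `INFO server` output as an int tuple."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.MULTILINE)
    if not m:
        raise ValueError("no redis_version field found")
    return tuple(int(part) for part in m.groups())

def assess(version):
    """Return 'patched', 'vulnerable' or 'no-listed-fix' for a version tuple."""
    branch = version[:2]
    if branch in FIXED:
        return "patched" if version >= FIXED[branch] else "vulnerable"
    # Assumption: a branch newer than every listed one already carries the fix.
    if branch > max(FIXED):
        return "patched"
    # Older or in-between branch: this page lists no fixed release for it.
    return "no-listed-fix"

def audit(inventory):
    """Map host -> status for a {host: INFO server text} inventory."""
    return {host: assess(parse_redis_version(text))
            for host, text in inventory.items()}

# Constructed sample INFO output; hostnames and versions are made up.
SAMPLE = {
    "cache-a": "# Server\r\nredis_version:7.2.4\r\nredis_mode:standalone\r\n",
    "cache-b": "# Server\r\nredis_version:7.4.6\r\nredis_mode:standalone\r\n",
    "cache-c": "# Server\r\nredis_version:7.0.15\r\nredis_mode:cluster\r\n",
    "cache-d": "# Server\r\nredis_version:6.2.19\r\nredis_mode:standalone\r\n",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Instances reported as `no-listed-fix` are on a branch for which this page names no fixed release, so they need a check against the vendor advisory rather than an assumption either way.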