Researchers have identified a critical, 13-year-old vulnerability in Redis that lets an attacker who can submit a Lua script escape the Lua sandbox and execute native code on the host, with potential full system control. Immediate patching and hardening are crucial for exposed Redis instances given the severity of the flaw and Redis's widespread use in cloud environments. #CVE-2025-49844 #Redis #RediShell #WizThreats
Keypoints
- The critical flaw CVE-2025-49844 affects all tested Redis versions and can cause system compromise.
- The vulnerability stems from a use-after-free bug in the Lua scripting engine bundled with Redis, present in the codebase for 13 years.
- Exploiting the flaw lets a malicious Lua script break out of the Lua sandbox and run native code on the host; all the attacker needs is the ability to send a script (for example via EVAL), which on an instance with no authentication means anyone who can reach the port.
- Over 330,000 Redis instances are exposed online, with many running with default configurations and no authentication.
- Researchers recommend immediate upgrades, configuration hardening, network controls, and credential rotation as mitigations.
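The quickest way to turn those recommendations into a check is to ask each instance two questions: is it running a fixed release, and does it accept a Lua script from the connection you are using? The probe below is an added example written for this post, not code from the researchers or the Redis project. It speaks RESP2 over a raw socket so it needs only the Python standard library; the table of first fixed releases per branch is an assumption taken from the Redis release notes for the fix and should be verified against the current advisory before you rely on it. The EVAL it sends (`return 1`) does nothing but prove whether scripting is reachable.

```python
"""Probe a Redis endpoint for the exposure conditions behind CVE-2025-49844.

Added example for this post, not code from the researchers or the Redis project.
"""
import io
import socket
from typing import BinaryIO, Dict, Optional, Tuple

# ASSUMPTION: first fixed release on each branch maintained at disclosure time,
# taken from the Redis release notes for the fix. Verify against the advisory.
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (8, 2): (8, 2, 2),
    (8, 0): (8, 0, 4),
    (7, 4): (7, 4, 6),
    (7, 2): (7, 2, 11),
    (6, 2): (6, 2, 20),
}


def encode_command(*args: str) -> bytes:
    """Encode a command as a RESP2 array of bulk strings, e.g. EVAL "return 1" 0."""
    parts = [f"*{len(args)}\r\n".encode()]
    for arg in args:
        data = arg.encode()
        parts.append(f"${len(data)}\r\n".encode() + data + b"\r\n")
    return b"".join(parts)


def read_reply(stream: BinaryIO) -> Tuple[str, object]:
    """Read one RESP2 reply; only the reply types this probe can receive are handled."""
    line = stream.readline()
    if not line:
        raise ConnectionError("connection closed before a reply arrived")
    prefix, body = chr(line[0]), line[1:-2].decode()  # drop type byte and CRLF
    if prefix == "+":
        return "status", body
    if prefix == "-":
        return "error", body
    if prefix == ":":
        return "integer", int(body)
    if prefix == "$":
        length = int(body)
        if length < 0:
            return "bulk", None
        return "bulk", stream.read(length + 2)[:length].decode()  # payload + CRLF
    raise ValueError(f"unsupported RESP type {prefix!r}")


def read_reply_bytes(raw: bytes) -> Tuple[str, object]:
    """Same parser for a reply already captured as bytes (used for offline checks)."""
    return read_reply(io.BytesIO(raw))


def parse_version(info: str) -> Tuple[int, int, int]:
    """Extract redis_version from the text returned by INFO server."""
    for line in info.splitlines():
        if line.startswith("redis_version:"):
            major, minor, patch = line.split(":", 1)[1].strip().split(".")[:3]
            return int(major), int(minor), int(patch)
    raise ValueError("redis_version not found in INFO output")


def is_patched(version: Tuple[int, int, int]) -> bool:
    """True if the version is at or above the first fixed release of its branch."""
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return version >= FIXED_VERSIONS[branch]
    # Branches newer than the fix were cut after it. Everything else (EOL lines such
    # as 7.0 or 6.0, and anything older) never received a fix and is affected.
    return branch > max(FIXED_VERSIONS)


def classify_eval_reply(reply: Tuple[str, object]) -> str:
    """Map the reply to EVAL "return 1" 0 onto the exposure it demonstrates."""
    kind, payload = reply
    if kind == "integer" and payload == 1:
        return "open"  # the script ran: whoever reaches the port can submit Lua
    if kind == "error":
        text = str(payload)
        if text.startswith("NOAUTH"):
            return "auth-required"
        if text.startswith("NOPERM"):
            return "denied-by-acl"  # e.g. a user created with -@scripting
        if text.startswith("DENIED"):
            return "protected-mode"
    return f"unexpected: {kind} {payload!r}"


def probe(host: str, port: int = 6379, password: Optional[str] = None,
          timeout: float = 3.0) -> Dict[str, str]:
    """Connect, optionally authenticate, report patch status and whether EVAL works."""
    result: Dict[str, str] = {}
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")
        if password is not None:
            sock.sendall(encode_command("AUTH", password))
            result["auth"] = str(read_reply(reader)[1])
        sock.sendall(encode_command("INFO", "server"))
        kind, payload = read_reply(reader)
        if kind == "bulk" and payload:
            version = parse_version(str(payload))
            result["version"] = ".".join(map(str, version))
            result["patched"] = "yes" if is_patched(version) else "NO"
        else:
            result["version"] = f"unavailable ({kind}: {payload})"
        sock.sendall(encode_command("EVAL", "return 1", "0"))
        result["scripting"] = classify_eval_reply(read_reply(reader))
    return result
```

Calling `probe("redis.internal")` with no password against an instance that answers `scripting: open` and `patched: NO` reproduces the exposed profile the report describes: no authentication, scripting reachable, unfixed version. After upgrading, the same probe should report `auth-required` once `requirepass` (or an ACL user with a password) is set, or `denied-by-acl` for application users created with `ACL SETUSER appuser on >password ~* +@all -@scripting`; pair that with `bind 127.0.0.1` or a private address and `protected-mode yes` in redis.conf so the port is not reachable from the internet at all.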
Read More: https://thecyberexpress.com/researchers-uncover-13-year-old-redis-flaw/