Full Report
A critical security vulnerability in Redis’s Lua scripting engine has left thousands of database instances vulnerable to remote code execution attacks. The RediShell RCE vulnerability, tracked as CVE-2025-49844, was publicly disclosed in early October 2025 by cloud security firm Wiz, revealing a use-after-free memory corruption issue that enables attackers to escape the Lua sandbox and […] The post Critical RediShell RCE Vulnerability Threatens 8,500+ Redis Deployments Worldwide appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Analysis Summary
# Vulnerability: RediShell RCE via Redis Lua Engine Use-After-Free
## CVE Details
- CVE ID: CVE-2025-49844
- CVSS Score: Not specified by the source (Implied Criticial/High due to RCE)
- CWE: Use-After-Free (Memory Corruption)
## Affected Systems
- Products: Redis (instances utilizing the Lua scripting engine)
- Versions: Multiple versions spanning since approximately 2012 (specific fixed versions not provided in source)
- Configurations: Instances where the Lua scripting capabilities are enabled and accessible. High risk noted for unauthenticated, internet-exposed instances.
## Vulnerability Description
CVE-2025-49844 is a critical Use-After-Free (UAF) memory corruption vulnerability existing within Redis’s Lua scripting engine. This flaw allows an attacker to manipulate the behavior of the Lua garbage collector via specially crafted Lua scripts. Successful manipulation enables an attacker to break out of the intended Lua sandbox environment, leading to arbitrary native code execution on the host system (Remote Code Execution).
## Exploitation
- Status: Publicly disclosed (early October 2025); Implied active scanning/potential exploitation due to high internet exposure of vulnerable instances (8,500+ flagged).
- Complexity: Low (Especially when authentication is disabled or misconfigured on exposed instances).
- Attack Vector: Network
## Impact
- Confidentiality: High (Achieve host-level compromise).
- Integrity: High (Arbitrary code execution allows system modification).
- Availability: High (Potential for system takeover or denial of service).
## Remediation
### Patches
- **Specific Fixed Versions:** Not provided in the source material. Administrators must consult official Redis advisories immediately for specific rolling versions that address CVE-2025-49844.
### Workarounds
- Ensure strong authentication is enforced on all Redis instances.
- Restrict network access to Redis instances via firewalls, ensuring they are not directly accessible from the public internet unless absolutely necessary and properly secured.
- Disable the Lua scripting feature if not explicitly required for application functionality.
## Detection
- **Indicators of Compromise:** Anomalous behavior within the Redis process space, unexpected system calls originating from the Redis service, or the execution of unusual external binaries/scripts.
- **Detection Methods and Tools:** Network monitoring for suspicious command traffic directed at Redis ports, and security tools capable of deep inspection of Redis command streams for highly complex or obfuscated Lua payloads. Threat intelligence platforms identified over 8,500 vulnerable, exposed instances globally as of late October 2025.
## References
- Vendor Advisory: Consult official Redis security disclosures for patching information regarding CVE-2025-49844.
- Disclosure Source: gbhackers dot com/redishell-rce-vulnerability/
- Threat Intelligence: blog dot criminalip dot io/2025/10/29/redishell-rce-alert-over-8000-redis-instances-immediate-update-recommended/