A critical vulnerability affecting Redis has been reported. It has been assigned the reference CVE-2025-49844 (also known as RediShell) and a CVSS 3.1 score of 10.0.
It should be noted that proof-of-concept exploit code for CVE-2025-49844 is publicly available.
Initial attack vector of the Redis vulnerability
The vulnerability tracked as CVE-2025-49844 allows an attacker who is able to send Lua scripts to the Redis server to execute arbitrary code remotely on the underlying host.
Technical details of the Redis vulnerability
A use-after-free vulnerability has been present in the Redis source code for at least 13 years. In the default configuration, any client can send Lua scripts to the Redis server (through EVAL and EVALSHA), and the server executes them inside its Lua sandbox.
A specially crafted script can, however, manipulate the Lua garbage collector so that the use-after-free is triggered. Under the right conditions this lets the script escape the sandbox and execute native code directly on the server.
Attack modelling with MITRE ATT&CK
- T1659 : Content Injection
- T1190 : Exploit Public-Facing Application
- T1059 : Command and Scripting Interpreter
How to protect against the Redis vulnerability with Stormshield Network Security
Protection against CVE-2025-49844
Stormshield Network Security (SNS) firewalls detect and block exploitation of CVE-2025-49844 with the following IPS signature:
- tcp:client:port:65 : Exploitation of a use-after-free vulnerability in Redis (RediShell CVE-2025-49844)
Confidence index for the protection offered by Stormshield
Confidence index for the absence of false positives
Recommendations regarding the Redis vulnerability
It is strongly recommended to update Redis to one of the following fixed versions:
- 4.2-131 or above
- 2.4-138 or above
- 4.6-272 or above
- 8.6-207 or above
- 22.2-12 or above
Alternatively, update Redis OSS/CE to one of the following versions:
- 7.2.11 or above
- 7.4.6 or above
- 8.0.4 or above
- 8.2.2 or above
or update Redis Stack to one of the following versions:
- 7.2.0-v19 or above
- 7.4.0-v7 or above
Until the update can be applied, it is also recommended to restrict the EVAL and EVALSHA commands through ACLs for every user that does not need them. Note that EVAL_RO, EVALSHA_RO, FCALL and FUNCTION reach the same embedded Lua interpreter, so the @scripting category rule (-@scripting), which covers all of them, is a more complete restriction than the two per-command rules below:
redis-cli ACL SETUSER {user} -EVAL -EVALSHA
redis-cli CONFIG REWRITE
CONFIG REWRITE only persists users that are defined in redis.conf; if the instance is configured with an external aclfile, persist the change with ACL SAVE instead.
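The following is an added example written for this page; it is not code from Stormshield or from the Redis project. It checks the two recommendations above offline: it compares a redis_version string against the Redis OSS/CE fixed versions listed above, and it replays the command rules of ACL LIST output (later rules override earlier ones, as Redis applies them) to find users who can still reach the Lua interpreter. The INFO server and ACL LIST samples are constructed, the password hash is a placeholder, and the remediation it prints uses the built-in @scripting ACL category rather than the per-command -EVAL -EVALSHA form; only the @all and @scripting categories are expanded, so users defined with other categories need a manual check.

```python
"""Offline audit for CVE-2025-49844 exposure: is the Redis OSS/CE build patched, and
which ACL users can still reach the Lua interpreter? Added example; the inputs are
constructed samples of `INFO server` and `ACL LIST` output, not real data."""
from __future__ import annotations

import re

# First fixed Redis OSS/CE patch release per branch, taken from the advisory list above.
FIXED_OSS = {(7, 2): (7, 2, 11), (7, 4): (7, 4, 6), (8, 0): (8, 0, 4), (8, 2): (8, 2, 2)}

# Every command that hands client-supplied code to the embedded Lua interpreter.
# Redis groups all of them under the @scripting ACL category.
SCRIPTING_COMMANDS = frozenset(
    {"eval", "evalsha", "eval_ro", "evalsha_ro", "fcall", "fcall_ro", "function", "script"}
)


def version_from_info(info_text: str) -> str:
    """Extract the redis_version field from `INFO server` output."""
    for line in info_text.splitlines():
        if line.startswith("redis_version:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("redis_version field not found")


def oss_version_is_fixed(version: str) -> bool | None:
    """True if this OSS/CE version carries the fix, False if it is still vulnerable,
    None if the branch is not in the advisory's list (e.g. 6.x) and needs manual review."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    fixed = FIXED_OSS.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) >= fixed


def scripting_commands_allowed(acl_line: str) -> set[str]:
    """Replay the command rules of one `ACL LIST` line in order and return the scripting
    commands the user may call. Key/channel selectors, passwords and flags are ignored;
    only @all and @scripting are expanded (other categories are left to manual review)."""
    tokens = acl_line.split()
    if len(tokens) < 2 or tokens[0] != "user":
        raise ValueError(f"not an ACL LIST line: {acl_line!r}")
    allowed: set[str] = set()
    for tok in tokens[2:]:
        t = tok.lower()
        if t in ("+@all", "allcommands"):
            allowed = set(SCRIPTING_COMMANDS)
        elif t in ("-@all", "nocommands"):
            allowed = set()
        elif t == "+@scripting":
            allowed |= SCRIPTING_COMMANDS
        elif t == "-@scripting":
            allowed -= SCRIPTING_COMMANDS
        elif t[0] in "+-" and t[1:2] != "@":
            # A subcommand rule such as +function|load still exposes the command: be conservative.
            cmd = t[1:].split("|", 1)[0]
            if cmd in SCRIPTING_COMMANDS:
                if t[0] == "+":
                    allowed.add(cmd)
                else:
                    allowed.discard(cmd)
    return allowed


def audit_acl_list(acl_list_output: str) -> dict[str, set[str]]:
    """Map each enabled user to the scripting commands it can still run.
    Users with nothing allowed are omitted; disabled users (`off`) are skipped."""
    findings: dict[str, set[str]] = {}
    for line in acl_list_output.splitlines():
        line = line.strip()
        if not line:
            continue
        tokens = line.split()
        if tokens[2:3] == ["off"]:
            continue
        allowed = scripting_commands_allowed(line)
        if allowed:
            findings[tokens[1]] = allowed
    return findings


def remediation_commands(findings: dict[str, set[str]]) -> list[str]:
    """One ACL SETUSER rule per exposed user, using the category so every Lua entry
    point is closed at once rather than only EVAL and EVALSHA."""
    return [f"ACL SETUSER {user} -@scripting" for user in sorted(findings)]


# --- constructed sample input (not captured from a real server) ---
SAMPLE_INFO = """# Server
redis_version:7.2.10
redis_mode:standalone
"""

_HASH = "#" + "ab" * 32  # placeholder for the SHA-256 password hash that ACL LIST prints
SAMPLE_ACL_LIST = f"""
user default on nopass sanitize-payload ~* &* +@all
user app on {_HASH} ~app:* &* -@all +@read +@write +eval +evalsha
user hardened on {_HASH} ~* &* +@all -@scripting
user legacy on {_HASH} ~* &* +@all -eval -evalsha
user retired off -@all
"""

if __name__ == "__main__":
    ver = version_from_info(SAMPLE_INFO)
    print(f"redis_version {ver}: fixed={oss_version_is_fixed(ver)}")
    exposed = audit_acl_list(SAMPLE_ACL_LIST)
    for user, cmds in exposed.items():
        print(f"user {user!r} can still reach Lua via: {', '.join(sorted(cmds))}")
    for cmd in remediation_commands(exposed):
        print("  redis-cli", cmd)
```

Against a live instance, feed it the output of redis-cli INFO server and redis-cli ACL LIST instead of the samples. The constructed "legacy" user shows the point of the category rule: after -EVAL -EVALSHA it can no longer call EVAL or EVALSHA, but EVAL_RO, FCALL and FUNCTION are still allowed and still lead into the Lua interpreter, whereas the "hardened" user with -@scripting is not reported at all.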