- Redis fixes CVE-2025-49844, a critical bug allowing remote code execution through abuse of Lua scripting
- The vulnerability has existed for 13 years; it affects versions 8.2.1 and lower and is fixed in version 8.2.2
- More than 60,000 exposed instances have no authentication; urgent updates and ACL restrictions are strongly advised
Redis, a popular open source data store, contained a critical vulnerability that allowed malicious actors to execute code remotely. It has been fixed in the latest version, which users are now urged to install.
Redis, short for Remote Dictionary Server, is an open source data store used as a database, cache and message broker for fast data access and real-time applications, and it is deployed across a wide range of cloud environments.
A security advisory states that a use-after-free vulnerability was introduced into the Redis source code 13 years ago. Authenticated actors can craft a custom Lua script to trigger it, escape the Lua sandbox and obtain a reverse shell and remote code execution. This in turn enables all kinds of malicious activity, from credential theft to malware infections, including cryptojackers, data leaks and more.
Thousands of vulnerable instances
The bug is tracked as CVE-2025-49844 and received a severity score of 9.9/10 (critical). It was found in versions 8.2.1 and lower and fixed in version 8.2.2.
Those who cannot move to the latest version in time should prevent users from executing Lua scripts, which can be done by using ACLs to restrict the EVAL and EVALSHA commands.
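As an added example (not code from the article, Redis or Wiz), the script below audits two constructed pieces of server output, one shaped like `redis-cli INFO server` and one shaped like `redis-cli ACL LIST`, for the two conditions the article raises: a version below 8.2.2, and users who can still run EVAL/EVALSHA or who need no password at all. The ACL evaluation is a deliberately simplified model of Redis rule semantics (rules apply in order, later ones override earlier ones, and `@scripting` covers both commands); the user names, hashes and version strings are sample values, not observations from any real deployment.

```python
import re

FIXED_VERSION = (8, 2, 2)  # first fixed release, per the advisory

# Constructed sample, shaped like `redis-cli INFO server`; not captured from a real server.
SAMPLE_INFO = """# Server
redis_version:8.2.1
redis_mode:standalone
os:Linux
"""

# Constructed sample lines shaped like `redis-cli ACL LIST`; the '#' hashes are placeholders.
SAMPLE_ACL = [
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #0000000000000000000000000000000000000000000000000000000000000000 ~app:* &* +@all -@scripting",
    "user batch on #1111111111111111111111111111111111111111111111111111111111111111 ~* &* -@all +@read +eval",
]


def parse_version(info_text):
    """Extract redis_version as an (major, minor, patch) tuple from INFO output."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.M)
    if not m:
        raise ValueError("redis_version not found in INFO output")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(version, fixed=FIXED_VERSION):
    """True when the running version predates the fixed release."""
    return tuple(version) < fixed


def script_permissions(rule_tokens):
    """Simplified ACL model: walk the rules in order, later tokens override earlier ones.

    Only the tokens that affect EVAL/EVALSHA are interpreted; key/channel patterns,
    passwords and flags such as 'on'/'off' are ignored here."""
    allowed = {"eval": False, "evalsha": False}  # Redis users start with no commands
    for tok in rule_tokens:
        t = tok.lower()
        if t in ("+@all", "allcommands", "+@scripting"):
            allowed = {"eval": True, "evalsha": True}
        elif t in ("-@all", "nocommands", "-@scripting"):
            allowed = {"eval": False, "evalsha": False}
        elif t in ("+eval", "-eval", "+evalsha", "-evalsha"):
            allowed[t[1:]] = t[0] == "+"
    return allowed


def audit_acl(acl_lines):
    """Return, per user, whether the account is enabled, passwordless, and able to run EVAL/EVALSHA."""
    result = {}
    for line in acl_lines:
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "user":
            continue
        name, rules = tokens[1], tokens[2:]
        perms = script_permissions(rules)
        result[name] = {
            "enabled": "on" in rules,
            "nopass": "nopass" in rules,
            "eval": perms["eval"],
            "evalsha": perms["evalsha"],
        }
    return result


def findings(info_text, acl_lines):
    """Combine both checks into a list of human-readable findings."""
    out = []
    ver = parse_version(info_text)
    if is_vulnerable_version(ver):
        out.append("redis %s is below %s: upgrade" % (".".join(map(str, ver)), ".".join(map(str, FIXED_VERSION))))
    for name, u in audit_acl(acl_lines).items():
        if not u["enabled"]:
            continue
        if u["nopass"]:
            out.append("user %s requires no password" % name)
        if u["eval"] or u["evalsha"]:
            out.append("user %s may run EVAL/EVALSHA: apply -@scripting (or -eval -evalsha)" % name)
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_INFO, SAMPLE_ACL):
        print(f)
```

Against the constructed sample the audit flags the old version, the passwordless `default` user (which also retains full scripting access) and the `batch` user whose `+eval` re-enables one of the two commands, while `app` is clean because its trailing `-@scripting` wins. On a real host, feed the script the actual `INFO server` and `ACL LIST` output and treat any finding as a reason either to upgrade or to tighten the ACL until the patch is in place.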
Quoting Wiz security researchers, Appraiser also reports that around 330,000 Redis instances are exposed online, of which at least 60,000 are vulnerable because they require no authentication.
The actual number of vulnerable Redis instances is probably much higher than that, once weak credentials and devices already compromised through other vulnerabilities are taken into account.
“The combination of widespread deployment, insecure default configurations and the severity of the vulnerability creates an urgent need for immediate corrective measures. Organizations must prioritize updating their Redis instances and implementing appropriate security controls to protect themselves from any exploitation,” noted Wiz.
Via Appraiser