Redis recently released a security advisory regarding CVE-2025-49844. This critical (CVSS 10.0) use-after-free (UAF) vulnerability in Lua scripting could allow authenticated attackers to execute remote code on older versions of Redis and Valkey with Lua scripting enabled. Developers are urged to upgrade to patched releases as soon as possible.
Exploiting the so-called “RediShell” remote code execution vulnerability, an authenticated user can use a specially crafted script to manipulate the garbage collector, trigger a use-after-free, and potentially execute arbitrary code remotely.
The vulnerability exploits a 13-year-old UAF memory corruption bug in Redis, allowing a post-auth attacker to send a crafted Lua script to escape the default Lua sandbox and execute arbitrary native code. This grants full host access, enabling data theft, wiping, encryption, resource hijacking, and lateral movement within cloud environments. Riaz Lakhani, CISO at Redis, warns:
Exploitation of this vulnerability requires an attacker to first gain authenticated access to your Redis instance. There are several steps you can take to protect your Redis from being accessed by a malicious actor.
In its security advisory, Redis recommends following security best practices, restricting network access with firewalls and network policies, enforcing strong authentication, and limiting permissions to allow only trusted identities to run Lua scripts or other potentially risky commands.
The exploitation starts with the attacker sending a malicious Lua script that exploits a use-after-free vulnerability, escapes the Lua sandbox, and achieves arbitrary code execution. The attacker can then establish a reverse shell for persistent access and system compromise, for example, exfiltrating sensitive data from Redis, installing malware, or stealing credentials. Furthermore, on a public cloud provider, stolen IAM tokens could be used to access other cloud services, escalate privileges, and move to additional systems. The vulnerability was initially reported by Wiz researchers Benny Isaacs, Nir Brakha, and Sagi Tzadik, who wrote:
Given that Redis is used in an estimated 75% of cloud environments, the potential impact is extensive. Organizations are strongly urged to patch instances immediately by prioritizing those that are exposed to the internet.
While there is no evidence that the vulnerability was ever exploited, Wiz identified 330K Redis instances exposed to the internet, including over 60K without authentication configured, and 57% of cloud environments installing Redis as container images, many without proper security hardening.
Allen Helton, ecosystem engineer at Momento and AWS Hero, and Khawaja Shams, co-founder and CEO of Momento, published an article about securing Redis and Valkey clusters. Shams summarizes on LinkedIn:
CVE-2025-49844 lets attackers escape the Lua sandbox and execute code on the host. That’s bad enough. But the bigger issue? We often see customers with cache clusters inside VPCs still run without authentication. Even after you patch, anyone or anything in your network can connect to your cache and start manipulating data. No exploit required. If you take one action today — put a password on your Valkey nodes. Everything else can wait.
Matthias Endler, Rust consultant, questions whether the language used is the main issue and comments:
13 years. That’s how long it took to find a critical safety vulnerability in one of the most popular C open source codebases, Redis. This is software that was expertly written by some of the best engineers in the world and yet, mistakes can still happen! It’s just that in C a “mistake” can often mean a memory-safety bug that would put user data at risk (…) That’s the nature of memory-safety bugs in C: they can hide in plain sight.
The fix has been backported to all supported releases. According to the Redis documentation, developers should update to 7.22.2-20 or later, 7.8.6-207 or later, 7.4.6-272 or later, 7.2.4-138 or later, or 6.4.2-131 or later. Valkey, a fork of Redis, is also affected and has released the following versions to address it: 7.2.11, 8.0.6, and 8.1.4.
