RediShell RCE Vulnerability Exposes 8,500+ Redis Instances to Code Execution Attacks

Source: Cyber Security News

In early October 2025, a severe security threat emerged with the public disclosure of the RediShell vulnerability, identified as CVE-2025-49844. This critical use-after-free vulnerability in Redis’s Lua scripting engine enables attackers to escape from sandbox restrictions, gaining the ability to execute arbitrary code on affected systems. The vulnerability stems from fundamental flaws within Redis’s architecture, impacting versions dating back to 2012. As of October 27, 2025, researchers report over 8,500 Redis instances exposed on the internet, primarily affecting infrastructures in the United States, France, and Germany.

Attackers can exploit this vulnerability easily, especially in environments where authentication is disabled, which is not uncommon in legacy installations. Exploitation involves delivering a malicious Lua script that triggers the use-after-free condition to escape the sandbox, leading to remote code execution. Organizations running vulnerable Redis instances face significant risks, including full infrastructure takeover, data theft, and potential ransomware deployment. Patching affected Redis versions immediately is critical, and organizations unable to patch quickly should apply the recommended interim measures.
