Redis Products Remote Code Execution Vulnerability

Release Date: 8 Oct 2025

RISK: High Risk

TYPE: Servers - Other Servers

A vulnerability has been identified in Redis Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

CVE-2025-49844 is being exploited in the wild. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. Hence, the risk level is rated as High Risk.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• All Redis Software releases
• All Redis OSS/CE/Stack releases with Lua scripting

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://redis.io/blog/security-advisory-cve-2025-49844/

---

Vulnerability Identifier

• CVE-2025-49844

---

Source

• Redis

---

Related Link

• https://redis.io/blog/security-advisory-cve-2025-49844/
• https://www.bleepingcomputer.com/news/security/redis-warns-of-max-severity-flaw-impacting-thousands-of-instances/