[CIVN-2025-0246] Remote Code Execution Vulnerability in Redis (RediShell)
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Remote Code Execution Vulnerability in Redis (RediShell)
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Redis version 8.2.1 and prior
Overview
A vulnerability has been reported in Redis which could allow a remote attacker to execute arbitrary code on the targeted system.
Target Audience:
Individuals and end-user organizations using affected Redis.
Risk Assessment:
High risk of sensitive data disclosure and system compromise.
Impact Assessment:
Potential for remote code execution and system compromise.
Description
Redis is an open-source, in-memory data structure store used as a high-performance database, cache, and message broker for applications needing rapid data access and processing.
This vulnerability exists in Redis due to a use-after-free memory corruption issue. A remote attacker could exploit this vulnerability by sending a specially crafted Lua script that manipulate the garbage collector and potentially lead to remote code execution.
Successful exploitation of this vulnerability could allow an attacker to gain authenticated access to Redis instance.
Solution
Apply appropriate software updates as mentioned by the vendor:
https://redis.io/blog/security-advisory-cve-2025-49844/
Vendor Information
Redis
https://redis.io/blog/security-advisory-cve-2025-49844/
References
Redis
https://redis.io/blog/security-advisory-cve-2025-49844/
CVE Name
CVE-2025-49844
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmjlGYUACgkQ3jCgcSdc
ys8xAQ//YtozwNh0IB3XwF7qLWlnLH3iXnKZn0e6gN0g+wY4eNc0TGsItXITWJWL
IcFCEssihFwtpbk8qCcid3J8wILOnap93LXQf2uh+tK/n5b/quvm4AH+6j5UWvXX
Wd5YxXpIAh4U8Z/RJa8IBGAqQvv+aOB2PLoAT+H240mp7mQgYH6lutXXRVzduAc5
Xe1ZFjXxvJPTQtvKClL80psudFw66u+JDHo7J0lEF4atOkhwtfsQEwAZdMsTORq2
lDaJSp2CeaYgk82hK1tz5I8VLtRiLD5LEoCgqgMV01pT7Z/huSNQe099bBn7vu2d
4XnahIPGW/bpqj+C8Rfj/AP7sObbT2+PtW6RdQduNwcsGAkMBkKGk1oj06aRRDVo
PIZb2tCxT++F0itx7apBqa5UwJTLAzuUYSgxaKH0R6pY4TAAujvSeEGbZ4qURLir
+rix4Q4X18TWTZccQlP5+32GEHzjl1RURfyFjTpteQAVOPLUYGPgxqtlF/edpZZd
cAVISTbYj10s/aD/sBYCawxC+gHAmYiqxZWBW1LG89qRncc1paco9gB8GwkryiE5
MkAeVEkebwYukJ9Uh/XeOLov0UfpLqSCeO3NIDdOLA3i5IuZOWEKq7jf29Jib8KL
Adb8DfYTGPpKox/t6A76+MiblXxEro8MiOOIHZlLWW2XntsRChk=
=S4RG
—–END PGP SIGNATURE—–
